Built with Alectryon, running Coq+SerAPI v8.13.0+0.13.0. Bubbles () indicate interactive fragments: hover for details, tap to reveal contents. Use Ctrl+↑Ctrl+↓ to navigate, Ctrl+🖱️ to focus. On Mac, use ⌘ instead of Ctrl.
From iris.algebra Require Import gmap_view. (* Definition of [gmap_view] RA. *)From iris.proofmode Require Import base tactics classes. (* Iris's tactics. *)From hazel Require Import weakestpre deep_handler.From hazel Require Import notation tactics.Set Default Proof Using"Type".(* auto_diff.v *)(** * Implementation. *)(** In this section, we introduce an implementation of reverse mode automatic differentiation written in our calculus [HH]. This is the code that we are going to study throughout this theory. The idea is to use effects as a way to infer the sequence of arithmetic operations performed by the client during its evaluation. This list is known in the literature as the Wengert list. Notice that this idea is not new. Many implementations of reverse mode AD using effect handlers or delimited continuations already exist.*)Sectionimplementation.(** The typeclass [Num] provides a concrete implementation of a semiring [R] (to be defined later). This means that elements of [R] are accessible in [HH] trough the interface [Num].*)ClassNum := {
nzero : val;
none : val; (* <- Not to be confused with [None]! *)
nadd : val;
nmul : val;
}.SectionRMAD.Definitioncreate {N : Num} : val := λ: "n", InjR ("n", ref nzero).Definitionzero : val := InjLV (InjLV #()).Definitionone : val := InjLV (InjRV #()).Definitionadd : val := λ: "a""b", do: (InjLV #(), ("a", "b")).Definitionmul : val := λ: "a""b", do: (InjRV #(), ("a", "b")).Definitionget_val {N : Num} : val := λ: "x",
match: "x"with(* Constant. *) InjL "x" =>
match: "x"with(* Zero. *) InjL <> => nzero
| (* One. *) InjR <> => none
end
| (* Variable. *) InjR "x" => Fst "x"end.Definitionget_diff : val := λ: "x",
match: "x"with(* Constant. *) InjL <> => #() #() (* Unreachable. *)
| (* Variable. *) InjR "x" => Load (Snd "x")
end.Definitionupdate {N : Num} : val := λ: "x""incr",
match: "x"with(* Constant. *) InjL <> => #()
| (* Variable. *) InjR "x" =>
let: "xd" := Snd "x"in"xd" <- nadd (Load"xd") "incr"end.Definitionhandle {N : Num} : val := λ: "f""seed",
try: "f""seed"with
effect (λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with(* Add *) InjL <> =>
let: "x" := create (nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| (* Mul *) InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end
)
| return (λ: "res",
update "res" none)
end.Program InstanceADNum : Num := {
nzero := zero;
none := one;
nadd := add;
nmul := mul;
}.Definitiondiff (f : Num → expr) (N : Num) : expr :=
let: "vf" := f ADNum inλ: "a",
let: "x" := @create N "a"in
@handle N "vf""x";;
get_diff "x".EndRMAD.Endimplementation.(** * Mathematics. *)(** We define the mathematical notions for this case study. These definitions form the basis of a precise language for explaining AD. They appear in the specification of the algorithm and in the arguments conveying its correctness.*)(** The typeclass [RingSig] bundles the operations of a ring and [IsRing] bundles the axioms of a semiring. It will be useful in specifying the interface of numerical values.*)ClassRingSig (R : Set) := {
rzero : R;
rone : R;
radd : R → R → R;
rmul : R → R → R;
req : R → R → Prop;
}.ClassIsRing (R : Set) {RS : RingSig R} := {
req_equiv :> Equivalence req;
radd_ext :> Proper (req ==> req ==> req) radd;
rmul_ext :> Proper (req ==> req ==> req) rmul;
is_semi_ring : semi_ring_theory rzero rone radd rmul req
}.Sectiondefinitions.InductiveBinop : Set := Add | Mul.InductiveExpr (I : Set) : Set :=
Zero | One | Leaf (i : I) | Node (op : Binop) (el er : Expr I).Definitionvars {I : Set} `{CI : Countable I} : Expr I → gset I :=
fix vars (e : Expr I) : gset I :=
match e with
| Zero _
| One _ => ∅
| Leaf _ i => {[i]}
| Node _ _ el er => vars el ∪ vars er
end.Definitionbind {IJ : Set} (f : I → Expr J) : Expr I → Expr J :=
fix bind (e : Expr I) : Expr J :=
match e with
| Zero _ => Zero _
| One _ => One _
| Leaf _ i => f i
| Node _ op el er => Node _ op (bind el) (bind er)
end.Definitionmap {IJ : Set} (ϱ : I → J) : Expr I → Expr J :=
bind (λi, Leaf _ (ϱ i)).Definitiondenote {R : Set} {RS : RingSig R} : Binop → R → R → R :=
λop, match op withAdd => radd | Mul => rmul end.Definitioneval {R : Set} {RS : RingSig R} : Expr R → R :=
fixeval (e : Expr R) : R :=
match e with
| Zero _ => rzero
| One _ => rone
| Leaf _ r => r
| Node _ op el er => denote op (eval el) (eval er)
end.InductiveExpr_equiv {I : Set} : Expr I → Expr I → Prop :=
(* Equivalence. *)
| Expr_equiv_refl e :
Expr_equiv e e
| Expr_equiv_symm e₁ e₂ :
Expr_equiv e₁ e₂ → Expr_equiv e₂ e₁
| Expr_equiv_trans e₁ e₂ e₃ :
Expr_equiv e₁ e₂ → Expr_equiv e₂ e₃ → Expr_equiv e₁ e₃
(* [Node _ Add] and [Node _ Mul] are instances of [Proper]. *)
| Expr_equiv_ext op :
Proper (Expr_equiv ==> Expr_equiv ==> Expr_equiv) (Node _ op)
(* Semiring axioms. *)
| (* SRadd_0_l. *)
Expr_equiv_add_0_l e :
Expr_equiv (Node _ Add (Zero _) e) e
| (* SR(add|mul)_comm. *)
Expr_equiv_comm op e₁ e₂ :
Expr_equiv (Node _ op e₁ e₂) (Node _ op e₂ e₁)
| (* SR(add|mul)_assoc. *)
Expr_equiv_assoc op e₁ e₂ e₃ :
Expr_equiv (Node _ op e₁ (Node _ op e₂ e₃))
(Node _ op (Node _ op e₁ e₂) e₃)
| (* SRmul_1_l. *)
Expr_equiv_mul_1_l e :
Expr_equiv (Node _ Mul (One _) e) e
| (* SRmul_0_l. *)
Expr_equiv_mul_0_l e :
Expr_equiv (Node _ Mul (Zero _) e) (Zero _)
| (* SRdistr_l. *)
Expr_equiv_distr_l e₁ e₂ e₃ :
Expr_equiv (Node _ Mul (Node _ Add e₁ e₂) e₃)
(Node _ Add (Node _ Mul e₁ e₃) (Node _ Mul e₂ e₃)).Global InstanceExprRing (I : Set) : RingSig (Expr I) := {
rzero := Zero I;
rone := One I;
radd := Node I Add;
rmul := Node I Mul;
req := Expr_equiv;
}.Definitiondiffₑ
{R : Set} {RS : RingSig R}
{I : Set} {EI : EqDecision I}
(ϱ : I → R) : Expr I → I → R :=
fix diff (e : Expr I) (i : I) : R :=
match e with
| Zero _ => rzero
| One _ => rzero
| Leaf _ j => if decide (i = j) then rone else rzero
| Node _ Add el er => radd (diff el i) (diff er i)
| Node _ Mul el er => radd (rmul (diff el i) (eval (map ϱ er)))
(rmul (eval (map ϱ el)) (diff er i))
end.Definitionnode : Set := (Binop * val * val)%type.Definitioncontext : Set := list (val * node)%type.Definitiondefs (K : context) : list val := K.*1.Definitionoverwrite {AB : Set} {EA : EqDecision A} (f : A → B) (a : A) (b : B) : A → B :=
λx, if decide (a = x) then b else f x.Definitionfilling : context → val → Expr val :=
foldl
(* Inductive case: *) (λfilling '(x, (op, a, b)),
overwrite filling x (Node _ op (filling a) (filling b)))
(* Base case: *) (λy, Leaf _ y).Definitionextension {R : Set} {RS : RingSig R} (ϱ : val → R) (K : context) : val → R :=
foldl (λϱ '(x, (op, a, b)), overwrite ϱ x (denote op (ϱ a) (ϱ b))) ϱ K.Enddefinitions.(** Mathematical notation. *)(* TODO: Better ways to define notation? *)Notation"'Oᵣ'" := rzero (at level50).Notation"'Iᵣ'" := rone (at level50).Infix"+ᵣ" := radd (at level70).Infix"×ᵣ" := rmul (at level50).Infix"=ᵣ" := req (at level70).Notation"'Oₑ'" := (Zero _) (at level50).Notation"'Iₑ'" := (One _) (at level50).Notation"'Xₑ'" := (Leaf () tt) (at level50).Infix"+ₑ" := (Node _ Add) (at level70).Infix"×ₑ" := (Node _ Mul) (at level50).Infix"=ₑ" := (Expr_equiv) (at level70).Notation"'Let' K '.in' y" := (filling K y) (at level70).Notation"f '.{[' a ':=' b ']}'" := (overwrite f a b) (at level70).Notation"ϱ '.{[' K ']}'" := (extension ϱ K) (at level70).Notation"'∂' e './' '∂' i '.at' ϱ" := (diffₑ ϱ e i) (at level70).Sectionproperties.
byinduction e as [| | |?? IHl ? IHr]; lastrewrite //= IHl IHr.Qed.
I, J, K: Set e: Expr I g: I → Expr J f: J → Expr K
bind f (bind g e) = bind (bind f ∘ g) e
I, J, K: Set e: Expr I g: I → Expr J f: J → Expr K
bind f (bind g e) = bind (bind f ∘ g) e
byinduction e as [| | |?? IHl ? IHr]; lastrewrite //= IHl IHr.Qed.(* From iris.algebra Require Import gset. Definition vars_bind {I : Set} `{CI : Countable I} {J : Set} `{CJ : Countable J} (e : Expr I) (f : I → Expr J) : Prop := vars (bind f e) = [^(∪) set] i ∈ vars e, vars (f i). *)Endbind.(** [map]. *)Sectionmap.
I, J, K: Set ϱ: I → J ϑ: J → K e: Expr I
map (ϑ ∘ ϱ) e = map ϑ (map ϱ e)
I, J, K: Set ϱ: I → J ϑ: J → K e: Expr I
map (ϑ ∘ ϱ) e = map ϑ (map ϱ e)
byinduction e as [| | |?? IHl ? IHr]; lastrewrite //= IHl IHr.Qed.
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J e: Expr I
(∀i : I, i ∈ vars e → ϱ i = ϑ i) → map ϱ e = map ϑ e
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J e: Expr I
(∀i : I, i ∈ vars e → ϱ i = ϑ i) → map ϱ e = map ϑ e
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I
(∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0)
→ map ϱ (Leaf I i) = map ϑ (Leaf I i)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J op: Binop el, er: Expr I IHel: (∀i : I, i ∈ vars el → ϱ i = ϑ i)
→ map ϱ el = map ϑ el IHer: (∀i : I, i ∈ vars er → ϱ i = ϑ i)
→ map ϱ er = map ϑ er
(∀i : I, i ∈ vars (Node I op el er) → ϱ i = ϑ i)
→ map ϱ (Node I op el er) = map ϑ (Node I op el er)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I
(∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0)
→ map ϱ (Leaf I i) = map ϑ (Leaf I i)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I Hvars: ∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0
map ϱ (Leaf I i) = map ϑ (Leaf I i)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I Hvars: ∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0
Leaf J (ϱ i) = Leaf J (ϑ i)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I Hvars: ∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0
ϱ i = ϑ i
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J i: I Hvars: ∀i0 : I, i0 ∈ vars (Leaf I i) → ϱ i0 = ϑ i0
i ∈ vars (Leaf I i)
set_solver.
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J op: Binop el, er: Expr I IHel: (∀i : I, i ∈ vars el → ϱ i = ϑ i)
→ map ϱ el = map ϑ el IHer: (∀i : I, i ∈ vars er → ϱ i = ϑ i)
→ map ϱ er = map ϑ er
(∀i : I, i ∈ vars (Node I op el er) → ϱ i = ϑ i)
→ map ϱ (Node I op el er) = map ϑ (Node I op el er)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J op: Binop el, er: Expr I IHel: (∀i : I, i ∈ vars el → ϱ i = ϑ i)
→ map ϱ el = map ϑ el IHer: (∀i : I, i ∈ vars er → ϱ i = ϑ i)
→ map ϱ er = map ϑ er
(∀i : I, i ∈ vars (Node I op el er) → ϱ i = ϑ i)
→ map ϱ (Node I op el er) = map ϑ (Node I op el er)
I, J: Set EqDecision0: EqDecision I CI: Countable I ϱ, ϑ: I → J op: Binop el, er: Expr I IHel: (∀i : I, i ∈ vars el → ϱ i = ϑ i)
→ map ϱ el = map ϑ el IHer: (∀i : I, i ∈ vars er → ϱ i = ϑ i)
→ map ϱ er = map ϑ er Hvars: ∀i : I,
i ∈ vars (Node I op el er) → ϱ i = ϑ i
K: list (val * (Binop * val * val)) x: val op: Binop a, b, y: val
(LetK ++ [(x, (op, a, b))] .in y) =
(if decide (x = y)
then Node val op (LetK .in a) (LetK .in b)
elseLetK .in y)
K: list (val * (Binop * val * val)) x: val op: Binop a, b, y: val
(LetK ++ [(x, (op, a, b))] .in y) =
(if decide (x = y)
then Node val op (LetK .in a) (LetK .in b)
elseLetK .in y)
K: list (val * (Binop * val * val)) x: val op: Binop a, b, y: val
foldl
(λ (filling : val → Expr val) '(x, (op, a, b)),
filling .{[ x
:= Node val op (filling a) (filling b)]})
(filling K) [(x, (op, a, b))] y =
(if decide (x = y)
then Node val op (LetK .in a) (LetK .in b)
elseLetK .in y)
done.Qed.
K: list (val * (Binop * val * val)) x: val op: Binop a, b: val
(LetK ++ [(x, (op, a, b))] .in x) =
Node val op (LetK .in a) (LetK .in b)
K: list (val * (Binop * val * val)) x: val op: Binop a, b: val
(LetK ++ [(x, (op, a, b))] .in x) =
Node val op (LetK .in a) (LetK .in b)
byrewrite filling_snoc decide_True.Qed.
K: list (val * (Binop * val * val)) x: val op: Binop a, b, y: val
x = y
→ (LetK ++ [(x, (op, a, b))] .in y) =
Node val op (LetK .in a) (LetK .in b)
K: list (val * (Binop * val * val)) x: val op: Binop a, b, y: val
x = y
→ (LetK ++ [(x, (op, a, b))] .in y) =
Node val op (LetK .in a) (LetK .in b)
K: list (val * (Binop * val * val)) op: Binop a, b, y: val
(LetK ++ [(y, (op, a, b))] .in y) =
Node val op (LetK .in a) (LetK .in b)
apply filling_snoc_eq.Qed.
K: list (val * node) x: val n: node y: val
x ≠ y → (LetK ++ [(x, n)] .in y) = (LetK .in y)
K: list (val * node) x: val n: node y: val
x ≠ y → (LetK ++ [(x, n)] .in y) = (LetK .in y)
K: list (val * node) x: val n: node y: val H: x ≠ y
(LetK ++ [(x, n)] .in y) = (LetK .in y)
K: list (val * node) x: val b: Binop v, v0, y: val H: x ≠ y
(LetK ++ [(x, (b, v, v0))] .in y) = (LetK .in y)
byrewrite filling_snoc decide_False.Qed.
x: val op: Binop a, b, y: val
(Let [(x, (op, a, b))] .in y) =
(if decide (x = y)
then Node val op (Leaf val a) (Leaf val b)
else Leaf val y)
x: val op: Binop a, b, y: val
(Let [(x, (op, a, b))] .in y) =
(if decide (x = y)
then Node val op (Leaf val a) (Leaf val b)
else Leaf val y)
byrewrite -(app_nil_l [_]) filling_snoc //=.Qed.
x: val op: Binop a, b: val
(Let [(x, (op, a, b))] .in x) =
Node val op (Leaf val a) (Leaf val b)
x: val op: Binop a, b: val
(Let [(x, (op, a, b))] .in x) =
Node val op (Leaf val a) (Leaf val b)
byrewrite filling_singleton decide_True.Qed.
x: val op: Binop a, b, y: val
x = y
→ (Let [(x, (op, a, b))] .in y) =
Node val op (Leaf val a) (Leaf val b)
x: val op: Binop a, b, y: val
x = y
→ (Let [(x, (op, a, b))] .in y) =
Node val op (Leaf val a) (Leaf val b)
op: Binop a, b, y: val
(Let [(y, (op, a, b))] .in y) =
Node val op (Leaf val a) (Leaf val b)
apply filling_singleton_eq.Qed.
x: val n: node y: val
x ≠ y → (Let [(x, n)] .in y) = Leaf val y
x: val n: node y: val
x ≠ y → (Let [(x, n)] .in y) = Leaf val y
x: val n: node y: val H: x ≠ y
(Let [(x, n)] .in y) = Leaf val y
x: val b: Binop v, v0, y: val H: x ≠ y
(Let [(x, (b, v, v0))] .in y) = Leaf val y
byrewrite filling_singleton decide_False.Qed.
K₁: list (val * node) K₂: context y: val
y ∉ defs K₂ → (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
K₁: list (val * node) K₂: context y: val
y ∉ defs K₂ → (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
K₁: list (val * node) y: val
y ∉ defs [] → (LetK₁ ++ [] .in y) = (LetK₁ .in y)
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
y ∉ defs (K₂ ++ [(x, (op, a, b))])
→ (LetK₁ ++ K₂ ++ [(x, (op, a, b))] .in y) =
(LetK₁ .in y)
K₁: list (val * node) y: val
y ∉ defs [] → (LetK₁ ++ [] .in y) = (LetK₁ .in y)
byrewrite app_nil_r.
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
y ∉ defs (K₂ ++ [(x, (op, a, b))])
→ (LetK₁ ++ K₂ ++ [(x, (op, a, b))] .in y) =
(LetK₁ .in y)
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
y ∉ defs (K₂ ++ [(x, (op, a, b))])
→ (LetK₁ ++ K₂ ++ [(x, (op, a, b))] .in y) =
(LetK₁ .in y)
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
(y ∉ defs K₂) ∧ y ≠ x ∧ y ∉ []
→ (if decide (x = y)
then
Node val op (LetK₁ ++ K₂ .in a)
(LetK₁ ++ K₂ .in b)
elseLetK₁ ++ K₂ .in y) = (LetK₁ .in y)
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y) Hy: y ∉ defs K₂ Hneq: y ≠ x
(if decide (x = y)
then
Node val op (LetK₁ ++ K₂ .in a)
(LetK₁ ++ K₂ .in b)
elseLetK₁ ++ K₂ .in y) = (LetK₁ .in y)
K₁: list (val * node) x: val op: Binop a, b: val K₂: list (val * node) y: val IHK₂: y ∉ defs K₂
→ (LetK₁ ++ K₂ .in y) = (LetK₁ .in y) Hy: y ∉ defs K₂ Hneq: y ≠ x
x ≠ y → (LetK₁ ++ K₂ .in y) = (LetK₁ .in y)
byrewrite IHK₂.}Qed.
K: context y: val
y ∉ defs K → (LetK .in y) = Leaf val y
K: context y: val
y ∉ defs K → (LetK .in y) = Leaf val y
K: context y: val Hy: y ∉ defs K
(LetK .in y) = Leaf val y
byrewrite -(app_nil_l K) filling_app.Qed.
K₁: list (val * (Binop * val * val)) K₂: context x: val op: Binop a, b, y: val
y ∉ defs K₂
→ (LetK₁ ++ (x, (op, a, b)) :: K₂ .in y) =
(LetK₁ ++ [(x, (op, a, b))] .in y)
K₁: list (val * (Binop * val * val)) K₂: context x: val op: Binop a, b, y: val
y ∉ defs K₂
→ (LetK₁ ++ (x, (op, a, b)) :: K₂ .in y) =
(LetK₁ ++ [(x, (op, a, b))] .in y)
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y))
∀y : val,
(ϱ .{[ K ++ [(x, (op, a, b))]]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val
(ϱ .{[ K ++ [(x, (op, a, b))]]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val
((ϱ .{[ K]}) .{[ x
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val
((ϱ .{[ K]}) .{[ y
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(y, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val Hneq: x ≠ y
((ϱ .{[ K]}) .{[ x
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val
((ϱ .{[ K]}) .{[ y
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(y, (op, a, b))] .in y))
byrewrite filling_snoc_eq overwrite_eq !IHK.
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val Hneq: x ≠ y
((ϱ .{[ K]}) .{[ x
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val Hneq: x ≠ y
((ϱ .{[ K]}) .{[ x
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK ++ [(x, (op, a, b))] .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val Hneq: x ≠ y
((ϱ .{[ K]}) .{[ x
:= denote op ((ϱ .{[ K]}) a) ((ϱ .{[ K]}) b)]}) y =
eval (map ϱ (LetK .in y))
R: Set RS: RingSig R ϱ: val → R x: val op: Binop a, b: val K: list (val * node) IHK: ∀y : val, (ϱ .{[ K]}) y = eval (map ϱ (LetK .in y)) y: val Hneq: x ≠ y
R: Set RS: RingSig R ϱ: val → R K: context x: val op: Binop a, b, y: val
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval (map ϑ (LetK .in y))
R: Set RS: RingSig R ϱ: val → R K: context x: val op: Binop a, b, y: val
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval (map ϑ (LetK .in y))
R: Set RS: RingSig R ϱ: val → R K: context x, a, b: val
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval (map ϑ (LetK .in y))
R: Set RS: RingSig R ϱ: val → R x, a, b: val
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let [(x, (op, a, b))] .in y)) =
eval (map ϑ (Let [] .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y))
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval
(map ϱ
(Let (x, (op, a, b))
:: K ++ [(x', (op', a', b'))] .in y)) =
eval (map ϑ (LetK ++ [(x', (op', a', b'))] .in y))
R: Set RS: RingSig R ϱ: val → R x, a, b: val
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let [(x, (op, a, b))] .in y)) =
eval (map ϑ (Let [] .in y))
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let [(x, (op, a, b))] .in y)) =
eval (map ϑ (Let [] .in y))
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
eval (map ϱ (Let [(x, (op, a, b))] .in y)) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
eval
(map ϱ
(if decide (x = y)
then Node val op (Leaf val a) (Leaf val b)
else Leaf val y)) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
x = y
→ eval (map ϱ (Node val op (Leaf val a) (Leaf val b))) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
x ≠ y
→ eval (map ϱ (Leaf val y)) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
x = y
→ eval (map ϱ (Node val op (Leaf val a) (Leaf val b))) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R a, b, y: val op: Binop
eval (map ϱ (Node val op (Leaf val a) (Leaf val b))) =
(ϱ .{[ y := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R a, b, y: val op: Binop
denote op (ϱ a) (ϱ b) =
(ϱ .{[ y := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R a, b, y: val op: Binop
denote op (ϱ a) (ϱ b) = denote op (ϱ a) (ϱ b)
done.
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop
x ≠ y
→ eval (map ϱ (Leaf val y)) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop n: x ≠ y
eval (map ϱ (Leaf val y)) =
(ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
R: Set RS: RingSig R ϱ: val → R x, a, b, y: val op: Binop n: x ≠ y
ϱ y = (ϱ .{[ x := denote op (ϱ a) (ϱ b)]}) y
rewrite overwrite_neq; done.
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y))
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval
(map ϱ
(Let (x, (op, a, b))
:: K ++ [(x', (op', a', b'))] .in y)) =
eval (map ϑ (LetK ++ [(x', (op', a', b'))] .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y))
∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval
(map ϱ
(Let (x, (op, a, b))
:: K ++ [(x', (op', a', b'))] .in y)) =
eval (map ϑ (LetK ++ [(x', (op', a', b'))] .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval
(map ϱ
(Let (x, (op, a, b))
:: K ++ [(x', (op', a', b'))] .in y)) =
eval (map ϑ (LetK ++ [(x', (op', a', b'))] .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
eval
(map ϱ
(Let (x, (op, a, b))
:: K ++ [(x', (op', a', b'))] .in y)) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK ++ [(x', (op', a', b'))] .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
eval
(map ϱ
(if decide (x' = y)
then
Node val op' (Let (x, (op, a, b)) :: K .in a')
(Let (x, (op, a, b)) :: K .in b')
elseLet (x, (op, a, b)) :: K .in y)) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(if decide (x' = y)
then Node val op' (LetK .in a') (LetK .in b')
elseLetK .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
x' = y
→ eval
(map ϱ
(Node val op' (Let (x, (op, a, b)) :: K .in a')
(Let (x, (op, a, b)) :: K .in b'))) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(Node val op' (LetK .in a') (LetK .in b')))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
x' ≠ y
→ eval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
x' = y
→ eval
(map ϱ
(Node val op' (Let (x, (op, a, b)) :: K .in a')
(Let (x, (op, a, b)) :: K .in b'))) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(Node val op' (LetK .in a') (LetK .in b')))
R: Set RS: RingSig R ϱ: val → R op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
eval
(map ϱ
(Node val op' (Let (x, (op, a, b)) :: K .in a')
(Let (x, (op, a, b)) :: K .in b'))) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(Node val op' (LetK .in a') (LetK .in b')))
R: Set RS: RingSig R ϱ: val → R op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
denote op'
(eval (map ϱ (Let (x, (op, a, b)) :: K .in a')))
(eval (map ϱ (Let (x, (op, a, b)) :: K .in b'))) =
denote op'
(eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK .in a')))
(eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK .in b')))
f_equal; apply IHK.
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop
x' ≠ y
→ eval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK .in y))
R: Set RS: RingSig R ϱ: val → R x': val op': Binop a', b': val K: list (val * node) x, a, b: val IHK: ∀ (y : val) (op : Binop),
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} ineval (map ϱ (Let (x, (op, a, b)) :: K .in y)) = eval (map ϑ (LetK .in y)) y: val op: Binop n: x' ≠ y
eval (map ϱ (Let (x, (op, a, b)) :: K .in y)) =
eval
(map (ϱ .{[ x := denote op (ϱ a) (ϱ b)]})
(LetK .in y))
I: Set EI: EqDecision I R: Set RS: RingSig R i: I ϱ: I → R
(∂ Leaf I i ./ ∂ i .at ϱ) = Iᵣ
byrewrite //= decide_True.Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R i, j: I
i = j → ∀ϱ : I → R, (∂ Leaf I i ./ ∂ j .at ϱ) = Iᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R i, j: I
i = j → ∀ϱ : I → R, (∂ Leaf I i ./ ∂ j .at ϱ) = Iᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R j: I
∀ϱ : I → R, (∂ Leaf I j ./ ∂ j .at ϱ) = Iᵣ
apply diff_leaf_eq.Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R i, j: I
i ≠ j → ∀ϱ : I → R, (∂ Leaf I i ./ ∂ j .at ϱ) = Oᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R i, j: I
i ≠ j → ∀ϱ : I → R, (∂ Leaf I i ./ ∂ j .at ϱ) = Oᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R i, j: I H: i ≠ j ϱ: I → R
(∂ Leaf I i ./ ∂ j .at ϱ) = Oᵣ
byrewrite //= decide_False.Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := eⱼ]} inletϑ := ϱ .{[ j := eval (map ϱ eⱼ)]} in
i ≠ j
→ (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
→ (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := eⱼ]} inletϑ := ϱ .{[ j := eval (map ϱ eⱼ)]} in
i ≠ j
→ (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
→ (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
(∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
∀e : Expr I, eval (map ϱ (bind f e)) = eval (map ϑ e)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
∀e : Expr I, eval (map ϱ (bind f e)) = eval (map ϑ e)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
∀e : Expr I, eval (map ϱ (bind f e)) = eval (map ϑ e)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I
eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I
i' = j → eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I
i' ≠ j → eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I
i' = j → eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
eval (map ϱ (f j)) = ϑ j
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I
i' ≠ j → eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I n: i' ≠ j
eval (map ϱ (f i')) = ϑ i'
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ i': I n: i' ≠ j
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e, eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
j = i'
→ (∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
j ≠ i'
→ (∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
j = i'
→ (∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i: I Hneq: i ≠ i' ϑ:= ϱ .{[ i' := eval (map ϱ eⱼ)]}: I → R f:= (λi : I, Leaf I i) .{[ i' := eⱼ]}: I → Expr I Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i: I Hneq: i ≠ i' ϑ:= ϱ .{[ i' := eval (map ϱ eⱼ)]}: I → R f:= (λi : I, Leaf I i) .{[ i' := eⱼ]}: I → Expr I Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
(∂ ((λi : I, Leaf I i) .{[ i' := eⱼ]}) i' ./ ∂ i
.at ϱ) = (if decide (i = i') then Iᵣ else Oᵣ)
byrewrite overwrite_eq Hdiff decide_False.
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e)
j ≠ i'
→ (∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e) n: j ≠ i'
(∂ f i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R i': I eⱼ: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := eⱼ]}: I → Expr I ϑ:= ϱ .{[ j := eval (map ϱ eⱼ)]}: I → R Hneq: i ≠ j Hdiff: (∂ eⱼ ./ ∂ i .at ϱ) = Oᵣ Heval_bind: ∀e : Expr I,
eval (map ϱ (bind f e)) =
eval (map ϑ e) n: j ≠ i'
(∂ ((λi : I, Leaf I i) .{[ j := eⱼ]}) i' ./ ∂ i .at ϱ) =
(if decide (i = i') then Iᵣ else Oᵣ)
byrewrite overwrite_neq.}Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := Oₑ]} inletϑ := ϱ .{[ j := Oᵣ]} in
i ≠ j → (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := Oₑ]} inletϑ := ϱ .{[ j := Oᵣ]} in
i ≠ j → (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := Oₑ]}: I → Expr I ϑ:= ϱ .{[ j := Oᵣ]}: I → R H: i ≠ j
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := Iₑ]} inletϑ := ϱ .{[ j := Iᵣ]} in
i ≠ j → (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I
letf := (λi : I, Leaf I i) .{[ j := Iₑ]} inletϑ := ϱ .{[ j := Iᵣ]} in
i ≠ j → (∂ bind f e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ: I → R e: Expr I i, j: I f:= (λi : I, Leaf I i) .{[ j := Iₑ]}: I → Expr I ϑ:= ϱ .{[ j := Iᵣ]}: I → R H: i ≠ j
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e: Expr I i: I
(∀j : I, j ∈ vars e → ϱ j = ϑ j)
→ (∂ e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e: Expr I i: I
(∀j : I, j ∈ vars e → ϱ j = ϑ j)
→ (∂ e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∀j : I, j ∈ vars (e1 +ₑ e2) → ϱ j = ϑ j)
→ (∂ e1 +ₑ e2 ./ ∂ i .at ϱ) =
(∂ e1 +ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∀j : I, j ∈ vars (e1 ×ₑ e2) → ϱ j = ϑ j)
→ (∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) =
(∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∀j : I, j ∈ vars (e1 +ₑ e2) → ϱ j = ϑ j)
→ (∂ e1 +ₑ e2 ./ ∂ i .at ϱ) =
(∂ e1 +ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ) Hvars: ∀j : I, j ∈ vars (e1 +ₑ e2) → ϱ j = ϑ j
(∂ e1 +ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 +ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∀j : I, j ∈ vars (e1 ×ₑ e2) → ϱ j = ϑ j)
→ (∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) =
(∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∀j : I, j ∈ vars (e1 ×ₑ e2) → ϱ j = ϑ j)
→ (∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) =
(∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ) Hvars: ∀j : I, j ∈ vars (e1 ×ₑ e2) → ϱ j = ϑ j
(∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I ϱ, ϑ: I → R e1, e2: Expr I i: I IHl: (∀j : I, j ∈ vars e1 → ϱ j = ϑ j)
→ (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∀j : I, j ∈ vars e2 → ϱ j = ϑ j)
→ (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ) Hvars: ∀j : I, j ∈ vars (e1 ×ₑ e2) → ϱ j = ϑ j
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e: Expr I i: I
(∀j : I, ϱ j = ϑ j)
→ (∂ e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e: Expr I i: I
(∀j : I, ϱ j = ϑ j)
→ (∂ e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j
(∂ e ./ ∂ i .at ϱ) = (∂ e ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e1, e2: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j IHl: (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∂ e1 +ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 +ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e1, e2: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j IHl: (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e1, e2: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j IHl: (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∂ e1 +ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 +ₑ e2 ./ ∂ i .at ϑ)
byrewrite //= IHl IHr.
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e1, e2: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j IHl: (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
I: Set EI: EqDecision I R: Set RS: RingSig R ϱ, ϑ: I → R e1, e2: Expr I i: I Hext: ∀j : I, ϱ j = ϑ j IHl: (∂ e1 ./ ∂ i .at ϱ) = (∂ e1 ./ ∂ i .at ϑ) IHr: (∂ e2 ./ ∂ i .at ϱ) = (∂ e2 ./ ∂ i .at ϑ)
(∂ e1 ×ₑ e2 ./ ∂ i .at ϱ) = (∂ e1 ×ₑ e2 ./ ∂ i .at ϑ)
byrewrite //= IHl IHr !(map_ext ϱ ϑ).}Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R e: Expr I i: I
(∀j : I, j ∈ vars e → ϱ i = ϱ j → i = j)
→ (∂ map ϱ e ./ ∂ ϱ i .at ϑ) = (∂ e ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R e: Expr I i: I
(∀j : I, j ∈ vars e → ϱ i = ϱ j → i = j)
→ (∂ map ϱ e ./ ∂ ϱ i .at ϑ) = (∂ e ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I
(∀j0 : I, j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0)
→ (∂ map ϱ (Leaf I j) ./ ∂ ϱ i .at ϑ) =
(∂ Leaf I j ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el +ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el +ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el +ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el ×ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el ×ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I
(∀j0 : I, j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0)
→ (∂ map ϱ (Leaf I j) ./ ∂ ϱ i .at ϑ) =
(∂ Leaf I j ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
(∂ map ϱ (Leaf I j) ./ ∂ ϱ i .at ϑ) =
(∂ Leaf I j ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
(if decide (ϱ i = ϱ j) then Iᵣ else Oᵣ) =
(if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
ϱ i = ϱ j → Iᵣ = (if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
ϱ i ≠ ϱ j → Oᵣ = (if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
ϱ i = ϱ j → Iᵣ = (if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0 Heq: ϱ i = ϱ j
Iᵣ = (if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0 Heq: ϱ i = ϱ j
Iᵣ = (if decide (j = j) then Iᵣ else Oᵣ)
byrewrite decide_True.
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
ϱ i ≠ ϱ j → Oᵣ = (if decide (i = j) then Iᵣ else Oᵣ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j, i: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ i = ϱ j0 → i = j0
i = j → ϱ i ≠ ϱ j → Oᵣ = Iᵣ
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R j: I Hϱ: ∀j0 : I,
j0 ∈ vars (Leaf I j) → ϱ j = ϱ j0 → j = j0
ϱ j ≠ ϱ j → Oᵣ = Iᵣ
contradiction.
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el +ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el +ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el +ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el ×ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el ×ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el +ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el +ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el +ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el +ₑ er) → ϱ i = ϱ j → i = j
(∂ map ϱ (el +ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el +ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el +ₑ er) → ϱ i = ϱ j → i = j
((∂ el ./ ∂ i .at ϑ ∘ ϱ) +ᵣ
(∂ map ϱ er ./ ∂ ϱ i .at ϑ)) =
((∂ el ./ ∂ i .at ϑ ∘ ϱ) +ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ))
byrewrite IHer; [|set_solver].
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el ×ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el ×ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ)
(∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j)
→ (∂ map ϱ (el ×ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el ×ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j
(∂ map ϱ (el ×ₑ er) ./ ∂ ϱ i .at ϑ) =
(∂ el ×ₑ er ./ ∂ i .at ϑ ∘ ϱ)
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map ϑ (map ϱ er)) +ᵣ
eval (map ϑ (map ϱ el))
×ᵣ (∂ map ϱ er ./ ∂ ϱ i .at ϑ)) =
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map (ϑ ∘ ϱ) er) +ᵣ
eval (map (ϑ ∘ ϱ) el) ×ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ))
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map ϑ (map ϱ er)) +ᵣ
eval (map ϑ (map ϱ el)) ×ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ)) =
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map (ϑ ∘ ϱ) er) +ᵣ
eval (map (ϑ ∘ ϱ) el) ×ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ))
I: Set EI: EqDecision I R: Set RS: RingSig R CI: Countable I J: Set EJ: EqDecision J ϱ: I → J ϑ: J → R el, er: Expr I i: I IHel: (∀j : I, j ∈ vars el → ϱ i = ϱ j → i = j)
→ (∂ map ϱ el ./ ∂ ϱ i .at ϑ) =
(∂ el ./ ∂ i .at ϑ ∘ ϱ) IHer: (∀j : I, j ∈ vars er → ϱ i = ϱ j → i = j)
→ (∂ map ϱ er ./ ∂ ϱ i .at ϑ) =
(∂ er ./ ∂ i .at ϑ ∘ ϱ) H: ∀j : I, j ∈ vars (el ×ₑ er) → ϱ i = ϱ j → i = j
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map ϑ (map ϱ er)) +ᵣ
eval (map ϑ (map ϱ el)) ×ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ)) =
((∂ el ./ ∂ i .at ϑ ∘ ϱ) ×ᵣ eval (map ϑ (map ϱ er)) +ᵣ
eval (map ϑ (map ϱ el)) ×ᵣ (∂ er ./ ∂ i .at ϑ ∘ ϱ))
done.}Qed.
I: Set EI: EqDecision I R: Set RS: RingSig R e: Expr I i: I r: R
eval
(map (λ_ : I, r)
(∂ e ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e: Expr I i: I r: R
eval
(map (λ_ : I, r)
(∂ e ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R j, i: I r: R
eval
(map (λ_ : I, r)
(∂ Leaf I j ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ Leaf I j ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 +ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 +ₑ e2 ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 ×ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ×ₑ e2 ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R j, i: I r: R
eval
(map (λ_ : I, r)
(∂ Leaf I j ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ Leaf I j ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R j, i: I r: R
eval
(map (λ_ : I, r)
(if decide (i = j) then Iₑ else Oₑ)) =
(if decide (i = j) then Iᵣ else Oᵣ)
bycase (decide (i = j)).
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 +ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 +ₑ e2 ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 ×ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ×ₑ e2 ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 +ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 +ₑ e2 ./ ∂ i .at (λ_ : I, r))
byrewrite //= IHe1 IHe2.
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 ×ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ×ₑ e2 ./ ∂ i .at (λ_ : I, r))
I: Set EI: EqDecision I R: Set RS: RingSig R e1, e2: Expr I i: I r: R IHe1: eval
(map (λ_ : I, r)
(∂ e1 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ./ ∂ i .at (λ_ : I, r)) IHe2: eval
(map (λ_ : I, r)
(∂ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e2 ./ ∂ i .at (λ_ : I, r))
eval
(map (λ_ : I, r)
(∂ e1 ×ₑ e2 ./ ∂ i .at (λj : I, Leaf I j))) =
(∂ e1 ×ₑ e2 ./ ∂ i .at (λ_ : I, r))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R K: context x: val op: Binop a, b, y, u: val
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} inleta_b := Node val op (Leaf val a) (Leaf val b) in
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K .in y ./ ∂ u .at ϱ) =ᵣ
((∂ LetK .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R K: context x: val op: Binop a, b, y, u: val
letϑ := ϱ .{[ x := denote op (ϱ a) (ϱ b)]} inleta_b := Node val op (Leaf val a) (Leaf val b) in
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K .in y ./ ∂ u .at ϱ) =ᵣ
((∂ LetK .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R K: context x: val op: Binop a, b, y, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K .in y ./ ∂ u .at ϱ) =ᵣ
((∂ LetK .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R K: context x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K .in y ./ ∂ u .at ϱ) =ᵣ
((∂ LetK .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
∀y : val,
x ≠ u
→ (∂ Let [(x, (op, a, b))] .in y ./ ∂ u .at ϱ) =ᵣ
((∂ Let [] .in y ./ ∂ u .at ϑ) +ᵣ
(∂ Let [] .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b))
:: K' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϑ) +ᵣ
(∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ x
.at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
∀y : val,
x ≠ u
→ (∂ Let [(x, (op, a, b))] .in y ./ ∂ u .at ϱ) =ᵣ
((∂ Let [] .in y ./ ∂ u .at ϑ) +ᵣ
(∂ Let [] .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
(∂ Let [(x, (op, a, b))] .in y ./ ∂ u .at ϱ) =ᵣ
((∂ Let [] .in y ./ ∂ u .at ϑ) +ᵣ
(∂ Let [] .in y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
(∂ if decide (x = y)
then Node val op (Leaf val a) (Leaf val b)
else Leaf val y ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
x = y
→ (∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
x ≠ y
→ (∂ Leaf val y ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
x = y
→ (∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R op: Binop a, b, u, y: val H: y ≠ u ϑ:= ϱ .{[ y := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
(∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ y .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R op: Binop a, b, u, y: val H: y ≠ u ϑ:= ϱ .{[ y := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
(∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u .at ϱ) =ᵣ
(Oᵣ +ᵣ (Iᵣ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R op: Binop a, b, u, y: val H: y ≠ u ϑ:= ϱ .{[ y := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val
(∂ a_b ./ ∂ u .at ϱ) =ᵣ
(Oᵣ +ᵣ (Iᵣ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
ring.
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u
x ≠ y
→ (∂ Leaf val y ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u n: x ≠ y
(∂ Leaf val y ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(∂ Leaf val y ./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u n: x ≠ y
(∂ Leaf val y ./ ∂ u .at ϱ) =ᵣ
((∂ Leaf val y ./ ∂ u .at ϑ) +ᵣ
(Oᵣ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val y: val H: x ≠ u n: x ≠ y
(if decide (u = y) then Iᵣ else Oᵣ) =ᵣ
((if decide (u = y) then Iᵣ else Oᵣ) +ᵣ
(Oᵣ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
ring.
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b))
:: K' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϑ) +ᵣ
(∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ x
.at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b))
:: K' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ u
.at ϑ) +ᵣ
(∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ x
.at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u
(∂ Let (x, (op, a, b)) :: K' ++ [(x', (op', a', b'))]
.in y ./ ∂ u .at ϱ) =ᵣ
((∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' ++ [(x', (op', a', b'))] .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u
(∂ if decide (x' = y)
then
Node val op' (Let (x, (op, a, b)) :: K' .in a')
(Let (x, (op, a, b)) :: K' .in b')
elseLet (x, (op, a, b)) :: K' .in y ./ ∂ u .at ϱ) =ᵣ
((∂ if decide (x' = y)
then Node val op' (LetK' .in a') (LetK' .in b')
elseLetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ if decide (x' = y)
then Node val op' (LetK' .in a') (LetK' .in b')
elseLetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x': val op': Binop a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(∂ Node val op' (Let (x, (op, a, b)) :: K' .in a')
(Let (x, (op, a, b)) :: K' .in b') ./ ∂ u .at ϱ) =ᵣ
((∂ Node val op' (LetK' .in a') (LetK' .in b')
./ ∂ u .at ϑ) +ᵣ
(∂ Node val op' (LetK' .in a') (LetK' .in b')
./ ∂ x .at ϑ) ×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(∂ (Let (x, (op, a, b)) :: K' .in a') +ₑ
(Let (x, (op, a, b)) :: K' .in b') ./ ∂ u .at ϱ) =ᵣ
((∂ (LetK' .in a') +ₑ (LetK' .in b') ./ ∂ u .at ϑ) +ᵣ
(∂ (LetK' .in a') +ₑ (LetK' .in b') ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(∂ (Let (x, (op, a, b)) :: K' .in a')
×ₑ (Let (x, (op, a, b)) :: K' .in b') ./ ∂ u .at ϱ) =ᵣ
((∂ (LetK' .in a') ×ₑ (LetK' .in b') ./ ∂ u .at ϑ) +ᵣ
(∂ (LetK' .in a') ×ₑ (LetK' .in b') ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(∂ (Let (x, (op, a, b)) :: K' .in a') +ₑ
(Let (x, (op, a, b)) :: K' .in b') ./ ∂ u .at ϱ) =ᵣ
((∂ (LetK' .in a') +ₑ (LetK' .in b') ./ ∂ u .at ϑ) +ᵣ
(∂ (LetK' .in a') +ₑ (LetK' .in b') ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
((∂ Let (x, (op, a, b)) :: K' .in a' ./ ∂ u .at ϱ) +ᵣ
(∂ Let (x, (op, a, b)) :: K' .in b' ./ ∂ u .at ϱ)) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) +ᵣ
((∂ LetK' .in b' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end) +ᵣ
((∂ LetK' .in b' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
ring.
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(∂ (Let (x, (op, a, b)) :: K' .in a')
×ₑ (Let (x, (op, a, b)) :: K' .in b') ./ ∂ u .at ϱ) =ᵣ
((∂ (LetK' .in a') ×ₑ (LetK' .in b') ./ ∂ u .at ϑ) +ᵣ
(∂ (LetK' .in a') ×ₑ (LetK' .in b') ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
((∂ Let (x, (op, a, b)) :: K' .in a' ./ ∂ u .at ϱ)
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ (∂ Let (x, (op, a, b)) :: K' .in b' ./ ∂ u .at ϱ)) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ ((∂ LetK' .in b' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ))) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ ((∂ LetK' .in b' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ eval (map ϑ (LetK' .in b')) +ᵣ
eval (map ϑ (LetK' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
R: Set RS: RingSig R RA: IsRing R ϱ: val → R x', a', b': val K': list (val * node) x: val op: Binop a, b, u: val ϑ:= ϱ .{[ x := denote op (ϱ a) (ϱ b)]}: val → R a_b:= Node val op (Leaf val a) (Leaf val b): Expr val IHK': ∀y : val,
x ≠ u
→ (∂ Let (x, (op, a, b)) :: K' .in y ./ ∂ u
.at ϱ) =ᵣ
((∂ LetK' .in y ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in y ./ ∂ x .at ϑ)
×ᵣ (∂ a_b ./ ∂ u .at ϱ)) y: val H: x ≠ u e: x' = y
(((∂ LetK' .in a' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ ((∂ LetK' .in b' ./ ∂ u .at ϑ) +ᵣ
(∂ LetK' .in b' ./ ∂ x .at ϑ)
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)) =ᵣ
(((∂ LetK' .in a' ./ ∂ u .at ϑ)
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ u .at ϑ)) +ᵣ
((∂ LetK' .in a' ./ ∂ x .at ϑ)
×ᵣ eval (map ϱ (Let (x, (op, a, b)) :: K' .in b')) +ᵣ
eval (map ϱ (Let (x, (op, a, b)) :: K' .in a'))
×ᵣ (∂ LetK' .in b' ./ ∂ x .at ϑ))
×ᵣ match op with
| Add =>
(if decide (u = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (u = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (u = a) then Iᵣ else Oᵣ) ×ᵣ ϱ b +ᵣ
ϱ a ×ᵣ (if decide (u = b) then Iᵣ else Oᵣ)
end)
ring.}Qed.
R: Set RS: RingSig R RA: IsRing R I: Set e₁, e₂: Expr I ϱ: I → R
e₁ =ₑ e₂ → eval (map ϱ e₁) =ᵣ eval (map ϱ e₂)
R: Set RS: RingSig R RA: IsRing R I: Set e₁, e₂: Expr I ϱ: I → R
e₁ =ₑ e₂ → eval (map ϱ e₁) =ᵣ eval (map ϱ e₂)
R: Set RS: RingSig R RA: IsRing R I: Set ϱ: I → R e₁, e₂, e₃: Expr I H: e₁ =ₑ e₂ H0: e₂ =ₑ e₃ IHExpr_equiv1: eval (map ϱ e₁) =ᵣ eval (map ϱ e₂) IHExpr_equiv2: eval (map ϱ e₂) =ᵣ eval (map ϱ e₃)
eval (map ϱ e₁) =ᵣ eval (map ϱ e₃)
R: Set RS: RingSig R RA: IsRing R I: Set ϱ: I → R op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: eval (map ϱ x) =ᵣ eval (map ϱ y) IHExpr_equiv2: eval (map ϱ x0) =ᵣ eval (map ϱ y0)
eval (map ϱ (Node I op x x0)) =ᵣ
eval (map ϱ (Node I op y y0))
R: Set RS: RingSig R RA: IsRing R I: Set ϱ: I → R e₁, e₂, e₃: Expr I H: e₁ =ₑ e₂ H0: e₂ =ₑ e₃ IHExpr_equiv1: eval (map ϱ e₁) =ᵣ eval (map ϱ e₂) IHExpr_equiv2: eval (map ϱ e₂) =ᵣ eval (map ϱ e₃)
eval (map ϱ e₁) =ᵣ eval (map ϱ e₃)
byrewrite IHExpr_equiv1.
R: Set RS: RingSig R RA: IsRing R I: Set ϱ: I → R op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: eval (map ϱ x) =ᵣ eval (map ϱ y) IHExpr_equiv2: eval (map ϱ x0) =ᵣ eval (map ϱ y0)
eval (map ϱ (Node I op x x0)) =ᵣ
eval (map ϱ (Node I op y y0))
R: Set RS: RingSig R RA: IsRing R I: Set ϱ: I → R op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: eval (map ϱ x) =ᵣ eval (map ϱ y) IHExpr_equiv2: eval (map ϱ x0) =ᵣ eval (map ϱ y0)
eval (map ϱ (Node I op x x0)) =ᵣ
eval (map ϱ (Node I op y y0))
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I e₁, e₂: Expr I ϱ: I → R i: I
e₁ =ₑ e₂ → (∂ e₁ ./ ∂ i .at ϱ) =ᵣ (∂ e₂ ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I e₁, e₂: Expr I ϱ: I → R i: I
e₁ =ₑ e₂ → (∂ e₁ ./ ∂ i .at ϱ) =ᵣ (∂ e₂ ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I e₁, e₂, e₃: Expr I H: e₁ =ₑ e₂ H0: e₂ =ₑ e₃ IHExpr_equiv1: (∂ e₁ ./ ∂ i .at ϱ) =ᵣ
(∂ e₂ ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ e₂ ./ ∂ i .at ϱ) =ᵣ
(∂ e₃ ./ ∂ i .at ϱ)
(∂ e₁ ./ ∂ i .at ϱ) =ᵣ (∂ e₃ ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: (∂ x ./ ∂ i .at ϱ) =ᵣ
(∂ y ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ x0 ./ ∂ i .at ϱ) =ᵣ
(∂ y0 ./ ∂ i .at ϱ)
(∂ Node I op x x0 ./ ∂ i .at ϱ) =ᵣ
(∂ Node I op y y0 ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I e₁, e₂, e₃: Expr I H: e₁ =ₑ e₂ H0: e₂ =ₑ e₃ IHExpr_equiv1: (∂ e₁ ./ ∂ i .at ϱ) =ᵣ
(∂ e₂ ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ e₂ ./ ∂ i .at ϱ) =ᵣ
(∂ e₃ ./ ∂ i .at ϱ)
(∂ e₁ ./ ∂ i .at ϱ) =ᵣ (∂ e₃ ./ ∂ i .at ϱ)
byrewrite IHExpr_equiv1.
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: (∂ x ./ ∂ i .at ϱ) =ᵣ
(∂ y ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ x0 ./ ∂ i .at ϱ) =ᵣ
(∂ y0 ./ ∂ i .at ϱ)
(∂ Node I op x x0 ./ ∂ i .at ϱ) =ᵣ
(∂ Node I op y y0 ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I op: Binop x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: (∂ x ./ ∂ i .at ϱ) =ᵣ
(∂ y ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ x0 ./ ∂ i .at ϱ) =ᵣ
(∂ y0 ./ ∂ i .at ϱ)
(∂ Node I op x x0 ./ ∂ i .at ϱ) =ᵣ
(∂ Node I op y y0 ./ ∂ i .at ϱ)
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: (∂ x ./ ∂ i .at ϱ) =ᵣ
(∂ y ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ x0 ./ ∂ i .at ϱ) =ᵣ
(∂ y0 ./ ∂ i .at ϱ)
((∂ y ./ ∂ i .at ϱ) ×ᵣ eval (map ϱ x0) +ᵣ
eval (map ϱ x) ×ᵣ (∂ y0 ./ ∂ i .at ϱ)) =ᵣ
((∂ y ./ ∂ i .at ϱ) ×ᵣ eval (map ϱ y0) +ᵣ
eval (map ϱ y) ×ᵣ (∂ y0 ./ ∂ i .at ϱ))
R: Set RS: RingSig R RA: IsRing R I: Set EI: EqDecision I ϱ: I → R i: I x, y: Expr I H: x =ₑ y x0, y0: Expr I H0: x0 =ₑ y0 IHExpr_equiv1: (∂ x ./ ∂ i .at ϱ) =ᵣ
(∂ y ./ ∂ i .at ϱ) IHExpr_equiv2: (∂ x0 ./ ∂ i .at ϱ) =ᵣ
(∂ y0 ./ ∂ i .at ϱ)
((∂ y ./ ∂ i .at ϱ) ×ᵣ eval (map ϱ y0) +ᵣ
eval (map ϱ x) ×ᵣ (∂ y0 ./ ∂ i .at ϱ)) =ᵣ
((∂ y ./ ∂ i .at ϱ) ×ᵣ eval (map ϱ y0) +ᵣ
eval (map ϱ y) ×ᵣ (∂ y0 ./ ∂ i .at ϱ))
byrewrite (eval_equiv x).}Qed.Endproofs_using_ring_tactic.(** Small detour on the chain rule. *)Sectionchain_rule.Context {R : Set} {RS : RingSig R} {RA : IsRing R}
{I : Set} `{CI : Countable I}
{J : Set} {EJ : EqDecision J}.DefinitionSum (f : I → R) : gset I → R :=
set_fold (λiacc, acc +ᵣ f i) (Oᵣ).Notation"'Σ' i '.∈' S ';' e" := (Sum (λi, e) S) (at level70).(* Here is how the chain rule could be stated. The lemmas [diff_map], [diff_bind_overwrite_leaf_id] and [diff_filling] could be proven as corollaries of this property. However, we find that proving them directly ends up being simpler. *)Definitionchain_rule_statement (e : Expr I) (f : I → Expr J) (ϱ : J → R) (j : J) :=
letϑ : I → R := λi, eval (map ϱ (f i)) in
(∂ (bind f e) ./ ∂ j .at ϱ) =ᵣ
Σ i .∈ (vars e) ;
(∂ e ./ ∂ i .at ϑ) ×ᵣ (∂ (f i) ./ ∂ j .at ϱ).Endchain_rule.Endproperties.Sectionring_instances.Global InstanceUnitRing : RingSig () := {
rzero := tt;
rone := tt;
radd := λ__, tt;
rmul := λ__, tt;
req := λ__, True;
}.Global Program InstanceUnitIsRing : IsRing ().
semi_ring_theory (Oᵣ) (Iᵣ) radd rmul req
done.Qed.Global InstanceZRing : RingSig Z := {
rzero := 0;
rone := 1;
radd := Z.add;
rmul := Z.mul;
req := (@eq Z);
}.Global Program InstanceZIsRing : IsRing Z.
semi_ring_theory (Oᵣ) (Iᵣ) radd rmul req
split; simpl; lia.Qed.Global InstanceExpr_equiv_Equivalence {I : Set} :
Equivalence (@Expr_equiv I) := {
Equivalence_Reflexive := Expr_equiv_refl;
Equivalence_Symmetric := Expr_equiv_symm;
Equivalence_Transitive := Expr_equiv_trans;
}.DefinitionExprRing_srt {I : Set} :
semi_ring_theory (Zero I) (One I) (Node I Add) (Node I Mul) Expr_equiv := {|
SRadd_0_l := Expr_equiv_add_0_l;
SRadd_comm := Expr_equiv_comm Add;
SRadd_assoc := Expr_equiv_assoc Add;
SRmul_1_l := Expr_equiv_mul_1_l;
SRmul_0_l := Expr_equiv_mul_0_l;
SRmul_comm := Expr_equiv_comm Mul;
SRmul_assoc := Expr_equiv_assoc Mul;
SRdistr_l := Expr_equiv_distr_l;
|}.Program InstanceExprIsRing {I : Set} : IsRing (Expr I) := {
req_equiv := Expr_equiv_Equivalence;
radd_ext := Expr_equiv_ext Add;
rmul_ext := Expr_equiv_ext Mul;
is_semi_ring := ExprRing_srt;
}.Endring_instances.(** * Specification. *)Sectionspecification.Context `{!irisG eff_lang Σ}.ClassNumSpec (N : Num) (Ψ : iEff Σ) {R : Set} (RS : RingSig R) := {
implements : val → R → iProp Σ;
nzero_spec : ⊢ implements nzero rzero;
none_spec : ⊢ implements none rone;
(* The following specifications are an alternative to the above ones. The difference is that [nzero] and [none] would no longer be values. They would be programs that the client could choose to execute to have access to a representation of the neutral elements of the ring. However, doing so leads to trickier internal specifications (the internal definition of [implements]), because the derivative field would not have meaning. It would have to be described by an invariant just so the update operations could go through. The same idea applies if we expose the function [create] to the client. *)(* nzero_spec E : ⊢ EWP nzero @ E <| Ψ |> {{ x, implements x rzero }}; *)(* none_spec E : ⊢ EWP none @ E <| Ψ |> {{ x, implements x rone }}; *)
nadd_spec E a b r s :
implements a r -∗
implements b s -∗
EWP nadd a b @ E <| Ψ |> {{ x,
implements x (radd r s) }};
nmul_spec E a b r s :
implements a r -∗
implements b s -∗
EWP nmul a b @ E <| Ψ |> {{ x,
implements x (rmul r s) }};
implements_pers u r :> Persistent (implements u r);
(* See the remark bellow to understand the purpose of the following line. *)(* implements_ne u n : Proper (req ==> (dist n)) (implements u); *)
}.DefinitionisExp (f : Num → expr) (e : Expr ()) : iProp Σ :=
(∀ (N : Num),
EWP (f N) <| ⊥ |> {{ vf,
(∀ (R : Set) (RS : RingSig R) (RA : IsRing R),
(∀ (Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS),
(∀xr,
implements x r -∗
EWP vf x <| Ψ |> {{ y, ∃s,
implements y s ∗ ⌜ s =ᵣ (eval (map (λ_, r) e)) ⌝ }})))}}).(* Remark: -- The existentially quantified ring element [s] that appears in the postcondition of [diff] could be avoided by asking the predicate [implements] to be non-expansive. However, this would complicate the verification of [diff] because the numerical implementation of symbolic expressions that it provides to the client doesn't satisfy this property. The same trick of the existential quantification might work for turning the [implements] predicate non-expansive, but again, we choose simplicity.*)Definitiondiff_spec : iProp Σ :=
(∀ (f : Num → expr) (e : Expr ()),
isExp f e -∗
isExp (diff f) (∂ e ./ ∂ tt .at (λ_, Xₑ))).
"Hf" : isExp f e₁
--------------------------------------∗
isExp f e₂
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num
"Hf" : isExp f e₁
--------------------------------------∗
EWP f N
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r) e₂)⌝ }} }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num
--------------------------------------∗
∀v : val,
(∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ :
iEff Σ)
(NSpec : NumSpec N Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP v x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) e₁)⌝ }})
={⊤}=∗ ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP v x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
e₂)⌝ }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
e₁)⌝ }}
--------------------------------------∗
|={⊤}=> ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
e₂)⌝ }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
e₁)⌝ }}
--------------------------------------∗
∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ : iEff
Σ)
(NSpec : NumSpec N Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) e₂)⌝ }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
e₁)⌝ }}
"Hx" : implements x r
--------------------------------------∗
EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝ }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) e₁)⌝ }}
--------------------------------------∗
EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝ }}
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
--------------------------------------∗
∀v : val,
(∃s : R,
implements v s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₁)⌝)
={⊤}=∗ ∃s : R,
implements v s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val
--------------------------------------∗
(∃s : R,
implements y s ∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₁)⌝)
={⊤}=∗ ∃s : R,
implements y s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
"Hs" : implements y s
--------------------------------------∗
|={⊤}=> ∃s : R,
implements y s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
"Hs" : implements y s
--------------------------------------∗
|={⊤}=> implements y s
∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
"Hs" : implements y s
--------------------------------------∗
implements y s ∗ ⌜s =ᵣ eval (map (λ_ : (), r) e₂)⌝
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
s =ᵣ eval (map (λ_ : (), r) e₂)
Σ: gFunctors irisG0: irisG eff_lang Σ f: Num → expr e₁, e₂: Expr () He: e₁ =ₑ e₂ N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val s: R H: s =ᵣ eval (map (λ_ : (), r) e₁)
byapply eval_equiv.Qed.Endspecification.(** * Verification. *)Sectionverification.(** Camera setup. *)(** We define our personalised notion of resource. This means that we have defined a structure whose elements can be claimed to be owned. We have thus extended the language of logical propositions. Within this newly added fragment of the language, we will be able to write what it means for the current context to be in a certain state or for one to known that it contains a certain entry.*)Sectioncamera.
Ignoring canonical projection to discrete_ofe_mixin by
ofe_mixin in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to discrete_dist by
ofe_dist in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to equivL by ofe_equiv
in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
(* Our personalised resource is [gmap_viewR loc nodeO] and here we define a typeclass claiming for it to be among the underlying resources parameterizing [iProp]. *)ClasscgraphGΣ := {
cgraph_mapG :> inG Σ (gmap_viewR val nodeO);
}.(* Now we prove that this claim can be satisfied by exhibiting a concrete list of resources containing our personalised one. (This isn't trivial, because the resource definition could depend on the list of resources to which it must belong.) *)DefinitioncgraphΣ := #[
GFunctor (gmap_viewR val nodeO)
].
Σ: gFunctors
subG cgraphΣ Σ → cgraphG Σ
Σ: gFunctors
subG cgraphΣ Σ → cgraphG Σ
solve_inG.Qed.
Ignoring canonical projection to discrete_ofe_mixin by
ofe_mixin in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to discrete_dist by
ofe_dist in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to equivL by ofe_equiv
in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
(** Ghost theory. *)(** The derived definitions and their properties. *)Sectionghost_theory.Context `{!cgraphG Σ}.Definitioncontext_to_map (K : context) : gmap val node :=
list_to_map (reverse K).Definitionis_current_context (γ : gname) (K : context) : iProp Σ :=
own γ (gmap_view_auth (V:=nodeO) 1%Qp (context_to_map K)).Definitionis_entry (γ : gname) (u : val) (n : node) : iProp Σ :=
own γ (gmap_view_frag (V:=nodeO) u DfracDiscarded n).
apply _.Qed.Endghost_theory.Sectionrepresents.Context `{!cgraphG Σ, !heapG Σ}
{R : Set} {RS : RingSig R}
{N : Num} {Ψ : iEff Σ} {NSpec : NumSpec N Ψ RS}.Variables (γ : gname) (* Identifies assertions of the same ghost theory. *)
(ℓₓ : loc) (* Memory location associated with the input value. *)
(r : R) (* The point at which the derivative was asked. *)
(nᵣ : val). (* A value representing [r]. *)Notationa₀ := (InjLV (InjLV #()))%V (only parsing).Notationa₁ := (InjLV (InjRV #()))%V (only parsing).Notationaₓ := (InjRV (nᵣ, #ℓₓ))%V (only parsing).Definitionrepresents : val → Expr () → iProp Σ :=
fix represents (u : val) (e : Expr ()) : iProp Σ :=
match e with
| Zero _ => ⌜ u = a₀ ⌝
| One _ => ⌜ u = a₁ ⌝
| Leaf _ _ => ⌜ u = aₓ ⌝
| Node _ op el er => ∃ab,
is_entry γ u (op, a, b) ∗
represents a el ∗
represents b er
end%I.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, x: val e: Expr ()
Persistent (represents x e)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, x: val e: Expr ()
Persistent (represents x e)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
∀ (e : Expr ()) (x : val), Persistent (represents x e)
induction e; apply _.Qed.Endrepresents.(* The following section contains general facts that are useful in the subsequent sections.*)Sectiongeneral_facts.
A: Type y: A xs, ys: list A
NoDup (xs ++ y :: ys)
→ NoDup xs
∧ (y ∉ xs)
∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ (y ∉ ys) ∧ NoDup ys
A: Type y: A xs, ys: list A
NoDup (xs ++ y :: ys)
→ NoDup xs
∧ (y ∉ xs)
∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ (y ∉ ys) ∧ NoDup ys
A: Type y: A xs, ys: list A
(NoDup xs ∧ (∀x : A, x ∈ xs → x ∉ [y]) ∧ NoDup [y])
∧ (∀x : A, x ∈ xs ++ [y] → x ∉ ys) ∧ NoDup ys
→ NoDup xs
∧ (y ∉ xs)
∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ (y ∉ ys) ∧ NoDup ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
NoDup xs
∧ (y ∉ xs)
∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ (y ∉ ys) ∧ NoDup ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
(y ∉ xs)
∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ (y ∉ ys) ∧ NoDup ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ xs
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
∀x : A, x ∈ xs → x ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ xs
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys Hin: y ∈ xs
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
∀x : A, x ∈ xs → x ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
∀x : A, x ∈ xs → x ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys x: A Hin: x ∈ xs
x ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys x: A Hin: x ∈ xs
x ∈ xs ∨ x ∈ [y]
byleft.
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∉ ys
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∈ xs ∨ y ∈ [y]
A: Type y: A xs, ys: list A HNoDup_xs: NoDup xs Hnot_in_xs: ∀x : A, x ∈ xs → x ∉ [y] Hnot_in_ys: ∀x : A, x ∈ xs ++ [y] → x ∉ ys HNoDup_ys: NoDup ys
y ∈ [y]
byapply elem_of_list_singleton.}Qed.
A: Type xs, ys: list A
NoDup (xs ++ ys) → NoDup xs
A: Type xs, ys: list A
NoDup (xs ++ ys) → NoDup xs
A: Type xs, ys: list A
NoDup xs ∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ NoDup ys
→ NoDup xs
byintros [? _].Qed.
A: Type xs, ys: list A
NoDup (xs ++ ys) → ∀x : A, x ∈ xs → x ∉ ys
A: Type xs, ys: list A
NoDup (xs ++ ys) → ∀x : A, x ∈ xs → x ∉ ys
A: Type xs, ys: list A
NoDup xs ∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ NoDup ys
→ ∀x : A, x ∈ xs → x ∉ ys
byintros (_ & ? & _).Qed.
A: Type xs, ys: list A
NoDup (xs ++ ys) → NoDup ys
A: Type xs, ys: list A
NoDup (xs ++ ys) → NoDup ys
A: Type xs, ys: list A
NoDup xs ∧ (∀x : A, x ∈ xs → x ∉ ys) ∧ NoDup ys
→ NoDup ys
byintros (_ & _ & ?).Qed.(* Although very specific, this lemma is useful in combination with the invariants. *)
Σ: gFunctors heapG0: heapG Σ us: list val v: val ℓ: loc Hin: InjRV (v, #ℓ) ∈ us w, v0, w0: val ℓ0: loc Heq: InjRV (v, #ℓ) = InjRV (v0, #ℓ0) H0: v = v0 H1: ℓ = ℓ0
Σ: gFunctors heapG0: heapG Σ u: val us: list val H: u ∉ us HNoDup: NoDup us
NoDup (u :: us)
byapply NoDup_cons_2.}Qed.
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: nat → A → iProp Σ
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us, Φ₂ i u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: nat → A → iProp Σ
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us, Φ₂ i u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A
∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us, Φ₂ i u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u
∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0 → Φ₁ i u0 -∗ Φ₂ i u0)
→ ([∗ list] i↦u ∈ (u :: us), Φ₁ i u)
-∗ [∗ list] i↦u ∈ (u :: us), Φ₂ i u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
([∗ list] i↦u ∈ (u :: us), Φ₁ i u)
-∗ [∗ list] i↦u ∈ (u :: us), Φ₂ i u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
Φ₁ 0 u ∗ ([∗ list] n↦u ∈ us, Φ₁ (S n) u)
-∗ Φ₂ 0 u ∗ ([∗ list] n↦u ∈ us, Φ₂ (S n) u)
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hu" : Φ₁ 0 u
"Hus" : [∗ list] n↦u ∈ us, Φ₁ (S n) u
--------------------------------------∗
Φ₂ 0 u ∗ ([∗ list] n↦u ∈ us, Φ₂ (S n) u)
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hu" : Φ₁ 0 u
--------------------------------------∗
Φ₂ 0 u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hus" : [∗ list] n↦u ∈ us, Φ₁ (S n) u
--------------------------------------∗
[∗ list] n↦u ∈ us, Φ₂ (S n) u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hu" : Φ₁ 0 u
--------------------------------------∗
Φ₂ 0 u
by iApply (Hmono with"Hu").
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hus" : [∗ list] n↦u ∈ us, Φ₁ (S n) u
--------------------------------------∗
[∗ list] n↦u ∈ us, Φ₂ (S n) u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
"Hus" : [∗ list] n↦u ∈ us, Φ₁ (S n) u
--------------------------------------∗
[∗ list] n↦u ∈ us, Φ₂ (S n) u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type u: A us: list A IHus: ∀Φ₁Φ₂ : nat → A → iProp Σ,
(∀ (i : nat) (u : A),
us !! i = Some u → Φ₁ i u -∗ Φ₂ i u)
→ ([∗ list] i↦u ∈ us, Φ₁ i u)
-∗ [∗ list] i↦u ∈ us,
Φ₂ i u Φ₁, Φ₂: nat → A → iProp Σ Hmono: ∀ (i : nat) (u0 : A),
(u :: us) !! i = Some u0
→ Φ₁ i u0 -∗ Φ₂ i u0
∀ (i : nat) (u : A),
us !! i = Some u
→ (λ (n : nat) (u0 : A), Φ₁ (S n) u0) i u
-∗ (λ (i0 : nat) (u0 : A), Φ₂ (S i0) u0) i u
naive_solver.}Qed.
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ
(∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u)
→ ([∗ list] u ∈ us, Φ₁ u) -∗ [∗ list] u ∈ us, Φ₂ u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ
(∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u)
→ ([∗ list] u ∈ us, Φ₁ u) -∗ [∗ list] u ∈ us, Φ₂ u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ Hmono: ∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u
([∗ list] u ∈ us, Φ₁ u) -∗ [∗ list] u ∈ us, Φ₂ u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ Hmono: ∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u
∀ (i : nat) (u : A), us !! i = Some u → Φ₁ u -∗ Φ₂ u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ Hmono: ∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u i: nat u: A Hlkp: us !! i = Some u
Φ₁ u -∗ Φ₂ u
Σ: gFunctors irisG0: irisG eff_lang Σ A: Type us: list A Φ₁, Φ₂: A → iProp Σ Hmono: ∀u : A, u ∈ us → Φ₁ u -∗ Φ₂ u i: nat u: A Hlkp: us !! i = Some u
u ∈ us
byapply (elem_of_list_lookup_2 _ i).Qed.Endgeneral_facts.(** Forward invariant. *)(** The forward invariant is a predicate on contexts. If we imagine the execution of the client as a trace indexed by the sequence of arithmetic operations (that is, a context), then the invariant asserts what holds for each such sequence at each step.*)Sectionforward_invariant.Context `{!cgraphG Σ, !heapG Σ}
{R : Set} {RS : RingSig R}
{N : Num} {Ψ : iEff Σ} {NSpec : NumSpec N Ψ RS}.Variables (γ : gname) (* Identifies assertions of the same ghost theory. *)
(ℓₓ : loc) (* Memory location associated with the input value. *)
(r : R) (* The point at which the derivative was asked. *)
(nᵣ : val). (* A value representing [r]. *)Notationa₀ := (InjLV (InjLV #()))%V (only parsing).Notationa₁ := (InjLV (InjRV #()))%V (only parsing).Notationaₓ := (InjRV (nᵣ, #ℓₓ))%V (only parsing).Notationadj_vars := ([a₀; a₁; aₓ]) (only parsing).Notationrepresents := (represents γ ℓₓ nᵣ) (only parsing).Definitionforward_inv (K : context) : iProp Σ := (
letϱ := (λ_, r).{[a₀ := Oᵣ]}.{[a₁ := Iᵣ]} in
is_current_context γ K ∗
⌜ ∀u, u ∈ defs K →
vars (LetK .in u) ⊆ {[a₀; a₁; aₓ]} ⌝ ∗
( [∗ list] u ∈ defs K ++ [aₓ], ∃vℓ,
implements v (ϱ.{[K]} u) ∗
ℓ ↦ nzero ∗
⌜ u = InjRV (v, #ℓ)%V ⌝ )
)%I.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K -∗ ⌜NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)])⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K -∗ ⌜NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)])⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
∀ (k : nat) (y : val),
(defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! k = Some y
→ (λ (_ : nat) (u : val),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝) k y
-∗ (λ (_ : nat) (y0 : val),
∃ (vw : val) (ℓ : loc),
ℓ ↦ w ∗ ⌜y0 = InjRV (v, #ℓ)⌝) k y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context i: nat u: val
(λ (_ : nat) (u : val),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u) ∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
i u
-∗ (λ (_ : nat) (y : val),
∃ (vw : val) (ℓ : loc),
ℓ ↦ w ∗ ⌜y = InjRV (v, #ℓ)⌝) i u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context i: nat u: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context i: nat u, v: val ℓ: loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K -∗ ⌜NoDup (defs K)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K -∗ ⌜NoDup (defs K)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
"Hinv" : forward_inv K
--------------------------------------∗
⌜NoDup (defs K)⌝
by iDestruct (NoDup_defs_app_adj_vars with"Hinv")
as %?%NoDup_app_11.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
InjLV (InjRV #()) ≠ InjRV (nᵣ, #ℓₓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
InjLV (InjRV #()) ≠ InjRV (nᵣ, #ℓₓ)
done.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
InjLV (InjLV #()) ≠ InjRV (nᵣ, #ℓₓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
InjLV (InjLV #()) ≠ InjRV (nᵣ, #ℓₓ)
done.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K
-∗ ⌜∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K
-∗ ⌜∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context a: val Hin: a ∈ defs K
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context a: val Hin: a ∈ defs K i: nat Hi: defs K !! i = Some a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context a: val Hin: a ∈ defs K i: nat Hi: defs K !! i = Some a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context a: val Hin: a ∈ defs K i: nat Hi: defs K !! i = Some a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context v: val ℓ: loc Hin: InjRV (v, #ℓ) ∈ defs K i: nat Hi: defs K !! i = Some (InjRV (v, #ℓ))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K
-∗ ⌜∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
forward_inv K
-∗ ⌜∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
"Hinv" : forward_inv K
--------------------------------------∗
⌜∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context H: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hinv" : forward_inv K
--------------------------------------∗
⌜∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context H: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context H: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) a: val
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context H: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) a: val
a ∈ defs K ∨ a = InjRV (nᵣ, #ℓₓ) ∨ False
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
byintros [|[->|]]; eauto.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context Hdefs: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context Hdefs: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context Hdefs: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) Hinter: ∀x : val, x ∈ defs K → x ∉ [InjRV (nᵣ, #ℓₓ)]
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context Hdefs: ∀a : val,
a ∈ defs K
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) Hinter: ∀x : val, x ∈ defs K → x ∉ [InjRV (nᵣ, #ℓₓ)]
by iDestruct (adj_vars_not_in_defs with"Hinv") as %(_&_&?).Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b, c: val
c = a ∨ c = b
→ K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜c ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b, c: val
c = a ∨ c = b
→ K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜c ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b, c: val Hc: c = a ∨ c = b
forward_inv (K₁ ++ (x, (op, a, b)) :: K₂)
-∗ ⌜c ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b, c: val Hc: c = a ∨ c = b Hin: c ∈ x :: defs K₂
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜a ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜a ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
a = a ∨ a = b
byleft.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜b ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
K = K₁ ++ (x, (op, a, b)) :: K₂
→ forward_inv K -∗ ⌜b ∉ x :: defs K₂⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K, K₁, K₂: list (val * (Binop * val * val)) x: val op: Binop a, b: val
b = a ∨ b = b
byright.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er)
-∗ forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er)
-∗ forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
"Hauth" : is_current_context γ K
"Hrest" : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
--------------------------------------∗
verification.represents γ ℓₓ nᵣ x (Node () op el er)
-∗ forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
"Hauth" : is_current_context γ K
"Hrest" : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
--------------------------------------∗
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val
"Hauth" : is_current_context γ K
"Hrest" : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
"Hfrag" : is_entry γ x (op, a, b)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------∗
forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
"Hauth" : is_current_context γ K
"Hrest" : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
"Hfrag" : is_entry γ x (op, a, b)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------∗
forward_inv K
∗ (∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
"Hfrag" : is_entry γ x (op, a, b)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------∗
∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
"Hfrag" : is_entry γ x (op, a, b)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------∗
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
"Hfrag" : is_entry γ x (op, a, b)
--------------------------------------∗
⌜(x, (op, a, b)) ∈ K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
(x, (op, a, b)) ∈ K
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val Hlkp: context_to_map K !! x = Some (op, a, b)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er) -∗ ⌜x ∈ defs K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er) -∗ ⌜x ∈ defs K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
"Hinv" : forward_inv K
"Hx" : verification.represents γ ℓₓ nᵣ x
(Node () op el er)
--------------------------------------∗
⌜x ∈ defs K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr ()
"Hin" : ∃ab : val,
verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
∗ ⌜(x, (op, a, b)) ∈ K⌝
--------------------------------------∗
⌜x ∈ defs K⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val H: (x, (op, a, b)) ∈ K
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val H: (x, (op, a, b)) ∈ K
x ∈ defs K
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context x: val op: Binop el, er: Expr () a, b: val H: (x, (op, a, b)) ∈ K
∃y : val * node, x = y.1 ∧ y ∈ K
byexists (x, (op, a, b)).Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
"Hinv" : forward_inv K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------∗
⌜u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val op: Binop el, er: Expr ()
"Hinv" : forward_inv K
"Hu" : verification.represents γ ℓₓ nᵣ u
(Node () op el er)
--------------------------------------∗
⌜u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val op: Binop el, er: Expr () Hin: u ∈ defs K
"Hinv" : forward_inv K
"Hu" : verification.represents γ ℓₓ nᵣ u
(Node () op el er)
--------------------------------------∗
⌜u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val op: Binop el, er: Expr () Hin: u ∈ defs K
u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val op: Binop el, er: Expr () Hin: u ∈ defs K
u ∈ defs K
∨ u
∈ [InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
byleft.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
"Hinv" : forward_inv K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------∗
⌜u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Hu: u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
"Hinv" : forward_inv K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------∗
⌜u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Hu: u
∈ defs K ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
u ∈ defs K
∨ u = InjLV (InjLV #())
∨ u = InjLV (InjRV #())
∨ u = InjRV (nᵣ, #ℓₓ) ∨ False
→ (u ∈ defs K ∨ u = InjRV (nᵣ, #ℓₓ) ∨ False)
∨ u = InjLV (InjLV #()) ∨ u = InjLV (InjRV #())
naive_solver.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, u: val
u
∈ [InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ u = InjLV (InjLV #())
∨ u = InjLV (InjRV #()) ∨ u = InjRV (nᵣ, #ℓₓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, u: val
u
∈ [InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ u = InjLV (InjLV #())
∨ u = InjLV (InjRV #()) ∨ u = InjRV (nᵣ, #ℓₓ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------□
"Hinv" : forward_inv K
--------------------------------------∗
⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Ha₀: InjLV (InjLV #()) ∉ defs K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------□
"Hinv" : forward_inv K
--------------------------------------∗
⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Ha₀: InjLV (InjLV #()) ∉ defs K Ha₁: InjLV (InjRV #()) ∉ defs K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------□
"Hinv" : forward_inv K
--------------------------------------∗
⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Ha₀: InjLV (InjLV #()) ∉ defs K Ha₁: InjLV (InjRV #()) ∉ defs K Haₓ: InjRV (nᵣ, #ℓₓ) ∉ defs K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------□
"Hinv" : forward_inv K
--------------------------------------∗
⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Ha₀: InjLV (InjLV #()) ∉ defs K Ha₁: InjLV (InjRV #()) ∉ defs K Haₓ: InjRV (nᵣ, #ℓₓ) ∉ defs K Hu: u ∈ defs K
"Hu" : verification.represents γ ℓₓ nᵣ u e
--------------------------------------□
"Hinv" : forward_inv K
--------------------------------------∗
⌜vars (LetK .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () Ha₀: InjLV (InjLV #()) ∉ defs K Ha₁: InjLV (InjRV #()) ∉ defs K Haₓ: InjRV (nᵣ, #ℓₓ) ∉ defs K Hu: u ∈ defs K H: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr ()
∀ (f := Leaf val .{[ InjLV (InjLV #()) := Oₑ]}) (g :=
Leaf
val
.{[
InjLV
(InjRV
#())
:= Iₑ]})
(K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr ()
∀ (f := Leaf val .{[ InjLV (InjLV #()) := Oₑ]}) (g :=
Leaf
val
.{[
InjLV
(InjRV
#())
:= Iₑ]})
(K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Oₑ)
-∗ ⌜Oₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Iₑ)
-∗ ⌜Iₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Xₑ)
-∗ ⌜Xₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Oₑ)
-∗ ⌜Oₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂
forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Oₑ)
-∗ ⌜Oₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context Hnot_in: InjLV (InjLV #()) ∉ defs K₂
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context Hnot_in: InjLV (InjLV #()) ∉ defs K₂ Hℓ₀: InjLV (InjLV #()) ∉ defs (K₁ ++ K₂)
Oₑ = map (λ_ : val, ()) (Oₑ)
done.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Iₑ)
-∗ ⌜Iₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Xₑ)
-∗ ⌜Xₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Iₑ)
-∗ ⌜Iₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂
forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Iₑ)
-∗ ⌜Iₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context Hnot_in: InjLV (InjRV #()) ∉ defs K₂
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Xₑ)
-∗ ⌜Xₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Xₑ)
-∗ ⌜Xₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂
forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u (Xₑ)
-∗ ⌜Xₑ =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val K₁: list (val * node) K₂: context Hnot_in: InjRV (nᵣ, #ℓₓ) ∉ defs K₂
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
∀ (K₁ : list (val * node)) (K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂
forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
-∗ ⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂
"Hinv" : forward_inv (K₁ ++ K₂)
"Hrepr" : verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂))
"Hinv" : forward_inv (K₁ ++ K₂)
"Hrepr" : verification.represents γ ℓₓ nᵣ u
(Node () op e1 e2)
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂))
"Hinv" : forward_inv (K₁ ++ K₂)
"Hrepr" : ∃ab : val,
verification.represents γ ℓₓ nᵣ a e1
∗ verification.represents γ ℓₓ nᵣ b e2
∗ ⌜(u, (op, a, b)) ∈ K₁ ++ K₂⌝
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂)) a, b: val H: (u, (op, a, b)) ∈ K₁ ++ K₂
"Hinv" : forward_inv (K₁ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂)) a, b: val Hin: (u, (op, a, b)) ∈ K₁ ++ K₂
"Hinv" : forward_inv (K₁ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂)) a, b: val
(u, (op, a, b)) ∈ K₁ ++ K₂
→ "Hinv" : forward_inv (K₁ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂)) a, b: val
(u, (op, a, b)) ∈ K₁ ∨ (u, (op, a, b)) ∈ K₂
→ "Hinv" : forward_inv (K₁ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₁: list (val * node) K₂: context u: val Hnot_in: u ∉ defs K₂ HNoDup: NoDup (defs (K₁ ++ K₂)) a, b: val Hin: (u, (op, a, b)) ∈ K₁
"Hinv" : forward_inv (K₁ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt) (bind f (bind g (LetK₁ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ HNoDup: NoDup
(defs
((K₁₁ ++ (u, (op, a, b)) :: K₁₂) ++ K₂)) Hnot_in': (u, (op, a, b)) ∉ K₁₂
"Hinv" : forward_inv
((K₁₁ ++ (u, (op, a, b)) :: K₁₂) ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f
(bind g
(LetK₁₁ ++ (u, (op, a, b)) :: K₁₂ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂)
"Hinv" : forward_inv
((K₁₁ ++ (u, (op, a, b)) :: K₁₂) ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f
(bind g
(LetK₁₁ ++ (u, (op, a, b)) :: K₁₂ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂
"Hinv" : forward_inv
((K₁₁ ++ (u, (op, a, b)) :: K₁₂) ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f
(bind g
(LetK₁₁ ++ (u, (op, a, b)) :: K₁₂ .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂
"Hinv" : forward_inv
((K₁₁ ++ (u, (op, a, b)) :: K₁₂) ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f
(bind g
(Node val op (LetK₁₁ .in a) (LetK₁₁ .in b))))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂
"Hinv" : forward_inv
(K₁₁ ++ ((u, (op, a, b)) :: K₁₂) ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
map (λ_ : val, tt)
(bind f
(bind g
(Node val op (LetK₁₁ .in a) (LetK₁₁ .in b))))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂
"Hinv" : forward_inv
(K₁₁ ++ (u, (op, a, b)) :: K₁₂ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
Node () op
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a))))
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in b))))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂ Ha: a ∉ u :: defs (K₁₂ ++ K₂)
"Hinv" : forward_inv
(K₁₁ ++ (u, (op, a, b)) :: K₁₂ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
Node () op
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a))))
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in b))))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e1, e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e1
-∗ ⌜e1 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ a, b: val K₁₁, K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂ Ha: a ∉ u :: defs (K₁₂ ++ K₂) Hb: b ∉ u :: defs (K₁₂ ++ K₂)
"Hinv" : forward_inv
(K₁₁ ++ (u, (op, a, b)) :: K₁₂ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a e1
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op e1 e2 =
Node () op
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a))))
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in b))))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val op: Binop e2: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val a: val K₁₁: list (val * (Binop * val * val)) IHl: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u
(map (λ_ : val, ())
(bind f (bind g (LetK₁₁ .in a))))
-∗ ⌜map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a))) =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ IHr: ∀ (K₁ : list (val * node))
(K₂ : context) (u : val),
u ∉ defs K₂
→ forward_inv (K₁ ++ K₂)
-∗ verification.represents γ ℓₓ nᵣ u e2
-∗ ⌜e2 =
map (λ_ : val, tt)
(bind f (bind g (LetK₁ .in u)))⌝ K₂: context u: val Hnot_in: u ∉ defs K₂ b: val K₁₂: list (val * (Binop * val * val)) Hin: (u, (op, a, b)) ∈ K₁₁ ++ (u, (op, a, b)) :: K₁₂ Hnot_in': (u, (op, a, b)) ∉ K₁₂ HNoDup: NoDup
((defs K₁₁ ++ u :: defs K₁₂) ++ defs K₂) H: u ∉ defs K₁₂ Ha: a ∉ u :: defs (K₁₂ ++ K₂) Hb: b ∉ u :: defs (K₁₂ ++ K₂)
"Hinv" : forward_inv
(K₁₁ ++ (u, (op, a, b)) :: K₁₂ ++ K₂)
"Ha" : verification.represents γ ℓₓ nᵣ a
(map (λ_ : val, ())
(bind f (bind g (LetK₁₁ .in a))))
"Hb" : verification.represents γ ℓₓ nᵣ b e2
--------------------------------------∗
⌜Node () op
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a)))) e2 =
Node () op
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in a))))
(map (λ_ : val, tt)
(bind f (bind g (LetK₁₁ .in b))))⌝
iDestruct (IHr K₁₁ _ b with"Hinv Hb") as %->; done.}Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
letf := Leaf val .{[ InjLV (InjLV #()) := Oₑ]} inletg := Leaf val .{[ InjLV (InjRV #()) := Iₑ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr ()
letf := Leaf val .{[ InjLV (InjLV #()) := Oₑ]} inletg := Leaf val .{[ InjLV (InjRV #()) := Iₑ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK .in u)))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context u: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
forward_inv (K ++ [])
-∗ verification.represents γ ℓₓ nᵣ u e
-∗ ⌜e =
map (λ_ : val, tt)
(bind f (bind g (LetK .in u)))⌝
apply forward_inv_agree_aux, not_elem_of_nil.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr ()
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ y e
-∗ ⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr ()
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ y e
-∗ ⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ y e
-∗ ⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} in
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ y e
-∗ ⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R
forward_inv K
-∗ verification.represents γ ℓₓ nᵣ y e
-∗ ⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val e: Expr () f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R
"Hinv" : forward_inv K
"Hy" : verification.represents γ ℓₓ nᵣ y e
--------------------------------------∗
⌜(∂ e ./ ∂ tt .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ) .at ϱ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context y: val f:= Leaf val .{[ InjLV (InjLV #()) := Oₑ]}: val → Expr val g:= Leaf val .{[ InjLV (InjRV #()) := Iₑ]}: val → Expr val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d: val
ℓ ↦ d
-∗ forward_inv K
-∗ ⌜∀v : val,
InjRV (v, #ℓ) ∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d: val
ℓ ↦ d
-∗ forward_inv K
-∗ ⌜∀v : val,
InjRV (v, #ℓ) ∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val
InjRV (v, #ℓ) ∉ []
byapply not_elem_of_nil.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v, u: val us: list val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc H: ℓ ≠ ℓ'
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc H: ℓ ≠ ℓ'
InjRV (v, #ℓ) ≠ InjRV (v', #ℓ')
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc H: ℓ ≠ ℓ' H0: InjRV (v, #ℓ) = InjRV (v', #ℓ') H2: v = v' H3: ℓ = ℓ'
False
contradiction.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val us: list val v': val ℓ': loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d: val
ℓ ↦ d
-∗ forward_inv K
-∗ ⌜∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d: val
ℓ ↦ d
-∗ forward_inv K
-∗ ⌜∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val
"Hx" : ℓ ↦ d
"Hinv" : forward_inv K
--------------------------------------∗
⌜context_to_map K !! InjRV (v, #ℓ) = None⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]
"Hx" : ℓ ↦ d
"Hinv" : forward_inv K
--------------------------------------∗
⌜context_to_map K !! InjRV (v, #ℓ) = None⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]
context_to_map K !! InjRV (v, #ℓ) = None
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: context ℓ: loc d, v: val Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]
InjRV (v, #ℓ) ∉ (reverse K).*1
set_solver.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) x: val op: Binop a, b, v: val ℓ: loc el, er: Expr ()
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} inletK' := K ++ [(x, (op, a, b))] in
x = InjRV (v, #ℓ)
→ forward_inv K
-∗ verification.represents γ ℓₓ nᵣ a el
-∗ verification.represents γ ℓₓ nᵣ b er
-∗ implements v ((ϱ .{[ K']}) x)
-∗ ℓ ↦ nzero
==∗ forward_inv K'
∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) x: val op: Binop a, b, v: val ℓ: loc el, er: Expr ()
letϱ :=
((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]} inletK' := K ++ [(x, (op, a, b))] in
x = InjRV (v, #ℓ)
→ forward_inv K
-∗ verification.represents γ ℓₓ nᵣ a el
-∗ verification.represents γ ℓₓ nᵣ b er
-∗ implements v ((ϱ .{[ K']}) x)
-∗ ℓ ↦ nzero
==∗ forward_inv K'
∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) x: val op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(x, (op, a, b))]: list (val * (Binop * val * val))
x = InjRV (v, #ℓ)
→ forward_inv K
-∗ verification.represents γ ℓₓ nᵣ a el
-∗ verification.represents γ ℓₓ nᵣ b er
-∗ implements v ((ϱ .{[ K']}) x)
-∗ ℓ ↦ nzero
==∗ forward_inv K'
∗ verification.represents γ ℓₓ nᵣ x
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val))
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val))
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)]
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : forward_inv K
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} H: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"HK" : is_current_context γ K
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"HK" : is_current_context γ K
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
"HK'" : is_current_context γ
(K ++ [(InjRV (v, #ℓ), (op, a, b))])
"Hentry" : is_entry γ (InjRV (v, #ℓ)) (op, a, b)
--------------------------------------∗
|==> forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
"Hx" : ℓ ↦ nzero
"HK'" : is_current_context γ
(K ++ [(InjRV (v, #ℓ), (op, a, b))])
"Hentry" : is_entry γ (InjRV (v, #ℓ)) (op, a, b)
--------------------------------------∗
forward_inv K'
∗ verification.represents γ ℓₓ nᵣ (InjRV (v, #ℓ))
(Node () op el er)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"HK'" : is_current_context γ
(K ++ [(InjRV (v, #ℓ), (op, a, b))])
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hx" : ℓ ↦ nzero
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
--------------------------------------∗
forward_inv K'
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #())
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hx" : ℓ ↦ nzero
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
--------------------------------------∗
⌜∀u : val,
u ∈ defs K'
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K' ++ [InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
implements
v
(((((λ_ : val,
r)
.{[ InjLV
(InjLV
#())
:= Oᵣ]})
.{[
InjLV
(InjRV
#())
:= Iᵣ]})
.{[ K']})
u)
∗
ℓ ↦ nzero
∗ ⌜
u =
InjRV
(v,
#ℓ)⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v ((ϱ .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hx" : ℓ ↦ nzero
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
--------------------------------------∗
⌜∀u : val,
u ∈ defs K'
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}⌝
∗ ([∗ list] u ∈ (defs K' ++ [InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
implements
v
((ϱ
.{[ K']})
u)
∗
ℓ ↦ nzero
∗ ⌜
u =
InjRV
(v,
#ℓ)⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
∀u : val,
u ∈ defs K'
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hheap" : [∗ list] u ∈
(defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v ((ϱ .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hx" : ℓ ↦ nzero
"Hv" : implements v ((ϱ .{[ K']}) (InjRV (v, #ℓ)))
--------------------------------------∗
[∗ list] u ∈ (defs K' ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v ((ϱ .{[ K']}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
∀u : val,
u ∈ defs K'
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]} u: val
u ∈ defs K'
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]} u: val
u ∈ defs K ∨ u = InjRV (v, #ℓ)
→ vars (LetK' .in u)
⊆ {[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val K: list (val * (Binop * val * val)) op: Binop a, b, v: val ℓ: loc el, er: Expr () ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R K':= K ++ [(InjRV (v, #ℓ), (op, a, b))]: list (val * (Binop * val * val)) Hnot_in: ∀v : val,
InjRV (v, #ℓ)
∉ defs K ++ [InjRV (nᵣ, #ℓₓ)] Hlkp: ∀v : val,
context_to_map K !! InjRV (v, #ℓ) = None Hvars_a: vars (LetK .in a)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars_b: vars (LetK .in b)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #()); InjRV (nᵣ, #ℓₓ)]} Hvars: ∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[InjLV (InjLV #());
InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]} u: val Hu: u ∈ defs K
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS ℓₓ: loc r: R nᵣ: val γ: gname
"Hnᵣ" : implements nᵣ r
--------------------------------------∗
implements nᵣ r ∗ ⌜InjRV (nᵣ, #ℓₓ) = InjRV (nᵣ, #ℓₓ)⌝
by iFrame.}Qed.Endforward_invariant_alloc.(** Backward invariant. *)(** After the execution of the client, the handler traverses the complete sequence of operations in reverse order. We can thus split this complete sequence into a pair of contexts, its prefix and suffix, and state what holds at each step of this phase in terms of those.*)Sectionbackward_invariant.Context `{!cgraphG Σ, !heapG Σ}
{R : Set} {RS : RingSig R} {RA : IsRing R}
{N : Num} {Ψ : iEff Σ} {NSpec : NumSpec N Ψ RS}.Variables (γ : gname)
(ℓₓ : loc)
(r : R)
(nᵣ : val)
(e : Expr ()). (* The expression implemented by the client. *)Notationa₀ := (InjLV (InjLV #()))%V (only parsing).Notationa₁ := (InjLV (InjRV #()))%V (only parsing).Notationaₓ := (InjRV (nᵣ, #ℓₓ))%V (only parsing).Notationadj_vars := ([a₀; a₁; aₓ]) (only parsing).Notationrepresents := (represents γ ℓₓ nᵣ) (only parsing).Definitionmapsto_diff (K₁K₂ : context) (yu : val) : iProp Σ :=
letϱ := (λ_, r).{[a₀ := Oᵣ]}.{[a₁ := Iᵣ]} inletϑ := ϱ.{[K₁]} in
(∀v (ℓ : loc), ⌜ u = InjRV (v, #ℓ)%V ⌝ →
(∃ds,
implements d s ∗
⌜ s =ᵣ ∂ (LetK₂ .in y) ./ ∂ u .at ϑ ⌝ ∗
ℓ ↦ d )
)%I.Definitionbackward_inv (K₁K₂ : context) (y : val) : iProp Σ := (
letϱ := (λ_, r).{[a₀ := Oᵣ]}.{[a₁ := Iᵣ]} in
⌜ ∂ e ./ ∂ tt .at (λ_, r) =ᵣ
∂ (Let (K₁ ++ K₂) .in y) ./ ∂ aₓ .at ϱ ⌝ ∗
( [∗ list] u ∈ defs K₁ ++ [aₓ], ∃v (ℓ : loc),
mapsto_diff K₁ K₂ y u ∗
⌜ u = InjRV (v, #ℓ)%V ⌝ )
)%I.Definitionis_adj_var (a : val) : iProp Σ :=
⌜ (∃ (w : val), a = InjLV w ) ∨
(∃ (n : val) (ℓ : loc), a = InjRV (n, #ℓ)%V) ⌝.Definitionboth_mapto_diff (K₁K₂ : context) (yab : val) : iProp Σ :=
(is_adj_var a ∗ mapsto_diff K₁ K₂ y a) ∗ (⌜ a ≠ b ⌝ -∗
(is_adj_var b ∗ mapsto_diff K₁ K₂ y b)).
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc
u = InjRV (v, #ℓ)
→ x ≠ u
→ a ≠ u
→ b ≠ u
→ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y u
-∗ mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc
u = InjRV (v, #ℓ)
→ x ≠ u
→ a ≠ u
→ b ≠ u
→ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y u
-∗ mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R
u = InjRV (v, #ℓ)
→ x ≠ u
→ a ≠ u
→ b ≠ u
→ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y u
-∗ mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u
"Hu" : mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y u
--------------------------------------∗
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]}))
"Hd" : implements d s
"HH" : ℓ ↦ d
--------------------------------------∗
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]}))
"Hd" : implements d s
"HH" : ℓ ↦ d
--------------------------------------∗
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y u
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) v': val ℓ': loc Hu': u = InjRV (v', #ℓ')
"Hd" : implements d s
"HH" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ' ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
"Hd" : implements d s
"HH" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
"Hd" : implements d s
"HH" : ℓ ↦ d
--------------------------------------∗
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
--------------------------------------∗
⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}) .{[ K₁]}))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}) .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ u
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
((∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ (∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at (ϱ .{[ K₁]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
((∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ (Oᵣ))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at (ϱ .{[ K₁]})) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
((∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ (Oᵣ))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
((∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(Oᵣ)
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) b)]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
((∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
Oᵣ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
(Oᵣ +ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
rewrite extension_snoc //=; done.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at (ϱ .{[ K₁]})) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ u
.at (ϱ .{[ K₁]})) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Add, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(Oᵣ +ᵣ Oᵣ) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Mul, a, b))]]})) Hu': u = InjRV (v, #ℓ)
((Oᵣ) ×ᵣ (ϱ .{[ K₁]}) b +ᵣ (ϱ .{[ K₁]}) a ×ᵣ (Oᵣ)) =ᵣ
Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Add, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(Oᵣ +ᵣ Oᵣ) =ᵣ Oᵣ
rewrite (SRadd_0_l is_semi_ring); done.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Mul, a, b))]]})) Hu': u = InjRV (v, #ℓ)
((Oᵣ) ×ᵣ (ϱ .{[ K₁]}) b +ᵣ (ϱ .{[ K₁]}) a ×ᵣ (Oᵣ)) =ᵣ
Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Mul, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(Oᵣ +ᵣ (ϱ .{[ K₁]}) a ×ᵣ (Oᵣ)) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Mul, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(Oᵣ +ᵣ (Oᵣ) ×ᵣ (ϱ .{[ K₁]}) a) =ᵣ Oᵣ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, a, b, u, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hu: u = InjRV (v, #ℓ) Hux: x ≠ u Hua: a ≠ u Hub: b ≠ u d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ u
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ K₁ ++ [(x, (Mul, a, b))]]})) Hu': u = InjRV (v, #ℓ)
(Oᵣ +ᵣ Oᵣ) =ᵣ Oᵣ
rewrite (SRadd_0_l is_semi_ring); done.}Qed.(* Remark: the first assumptions could be suppressed, but in the actual proof they are easily met. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val
(∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ))
→ NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)])
→ x ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ backward_inv (K₁ ++ [(x, (op, a, b))]) K₂ y
-∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂
y x
∗ both_mapto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁
((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁
((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val
(∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ))
→ NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)])
→ x ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #());
InjRV (nᵣ, #ℓₓ)]
→ backward_inv (K₁ ++ [(x, (op, a, b))]) K₂ y
-∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂
y x
∗ both_mapto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁
((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁
((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val
(∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ))
→ NoDup (defs K₁ ++ [aₓ])
→ x ∉ defs K₁ ++ [aₓ]
→ a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ backward_inv (K₁ ++ [(x, (op, a, b))]) K₂ y
-∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂
y x
∗ both_mapto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁
((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁
((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R
(∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ))
→ NoDup (defs K₁ ++ [aₓ])
→ x ∉ defs K₁ ++ [aₓ]
→ a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ backward_inv (K₁ ++ [(x, (op, a, b))]) K₂ y
-∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂
y x
∗ both_mapto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁
((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁
((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
backward_inv (K₁ ++ [(x, (op, a, b))]) K₂ y
-∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a
b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] H: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"HK₁" : [∗ list] u ∈ (defs (K₁ ++ [(x, (op, a, b))]) ++
[InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y u
∗ ⌜u =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"HK₁" : [∗ list] u ∈ (defs (K₁ ++ [(x, (op, a, b))]) ++
[InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y u
∗ ⌜u =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ)
"HK₁" : [∗ list] u ∈ (defs (K₁ ++ [(x, (op, a, b))]) ++
[InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y u
∗ ⌜u =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ)
"HK₁" : [∗ list] u ∈ (defs (K₁ ++ [(x, (op, a, b))]) ++
[aₓ]), ∃ (v : val) (ℓ : loc),
mapsto_diff
(K₁ ++
[(x, (op, a, b))])
K₂ y u
∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ)
"HK₁" : [∗ list] u ∈ ((defs K₁ ++ [x]) ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
u
∗ ⌜
u =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ)
"HK₁" : [∗ list] x0 ∈ (x :: defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
x0
∗ ⌜
x0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ)
"Hx" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ ⌜x = InjRV (v, #ℓ)⌝
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y x
∗ both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
(* TODO: cleanup. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc
(a ∈ defs K₁ ++ [aₓ]
∨ a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()))
∧ (b ∈ defs K₁ ++ [aₓ]
∨ b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ]
∨ a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b ∈ defs K₁ ++ [aₓ]
∨ b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc
(a ∈ defs K₁ ++ [aₓ]
∨ a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()))
∧ (b ∈ defs K₁ ++ [aₓ]
∨ b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc
a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ]
→ (a ∈ defs K₁ ++ [aₓ]
∨ a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()))
∧ (b ∈ defs K₁ ++ [aₓ]
∨ b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()))
rewrite !elem_of_app !elem_of_cons; naive_solver.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ]
∨ a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b ∈ defs K₁ ++ [aₓ]
∨ b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ]
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b ∈ defs K₁ ++ [aₓ]
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ]
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"HK₁" : (∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
a ∗ ⌜a = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ i⌝
→ ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝)
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"HK₁" : (∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
a ∗ ⌜a = InjRV (v, #ℓ)⌝)
∗ (⌜j ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))])
K₂ y b ∗ ⌜b = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ j⌝
→
⌜k ≠ i⌝
→
∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝)
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
"Hb" : ⌜j ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
b ∗ ⌜b = InjRV (v, #ℓ)⌝
"HK₁" : [∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ j⌝
→ ⌜k ≠ i⌝
→ ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var a
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"Hb" : ⌜j ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y b
∗ ⌜b = InjRV (v, #ℓ)⌝
--------------------------------------∗
⌜a ≠ b⌝
-∗ is_adj_var b
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"HK₁" : [∗ list] k↦y0 ∈
(defs K₁ ++ [aₓ]),
⌜k ≠ j⌝
→ ⌜k ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y y0
∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var a
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] w: val ℓ': loc Ha: InjRV (w, #ℓ')
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, InjRV (w, #ℓ'), b))]) ++
K₂ .in y ./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some (InjRV (w, #ℓ')) j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b
"Hb" : ⌜j ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
b ∗ ⌜b = InjRV (v, #ℓ)⌝
--------------------------------------∗
⌜a ≠ b⌝
-∗ is_adj_var b
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b Hab: a ≠ b
"Hb" : ⌜j ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
b ∗ ⌜b = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var b
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hj: (defs K₁ ++ [aₓ]) !! j = Some b Hab: a ≠ b
"Hb" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
∗ ⌜b = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var b
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] w: val ℓ': loc Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, InjRV (w, #ℓ')))]) ++
K₂ .in y ./ ∂ aₓ .at ϱ) Hb: InjRV (w, #ℓ')
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hab: a ≠ InjRV (w, #ℓ') Hj: (defs K₁ ++ [aₓ]) !! j = Some (InjRV (w, #ℓ'))
"Hy" : mapsto_diff
(K₁ ++ [(x, (op, a, InjRV (w, #ℓ')))]) K₂ y
(InjRV (w, #ℓ'))
--------------------------------------∗
is_adj_var (InjRV (w, #ℓ'))
∗ mapsto_diff (K₁ ++ [(x, (op, a, InjRV (w, #ℓ')))])
K₂ y (InjRV (w, #ℓ'))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] w: val ℓ': loc Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, InjRV (w, #ℓ')))]) ++
K₂ .in y ./ ∂ aₓ .at ϱ) Hb: InjRV (w, #ℓ')
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a j: nat Hab: a ≠ InjRV (w, #ℓ') Hj: (defs K₁ ++ [aₓ]) !! j = Some (InjRV (w, #ℓ'))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b ∈ defs K₁ ++ [aₓ]
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
y0 ∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a
"HK₁" : (∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
a ∗ ⌜a = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ i⌝
→ ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝)
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
"HK₁" : (∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
a ∗ ⌜a = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ i⌝
→ ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝)
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
"HK₁" : [∗ list] k↦y0 ∈ (defs K₁ ++ [aₓ]), ⌜k ≠ i⌝
→ ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op,
a, b))])
K₂ y
y0
∗ ⌜
y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a b
∗ (both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var a
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
--------------------------------------∗
⌜a ≠ b⌝
-∗ is_adj_var b
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
"HK₁" : [∗ list] k↦y0 ∈
(defs K₁ ++ [aₓ]),
⌜k ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
mapsto_diff
(K₁ ++ [(x, (op, a, b))]) K₂ y y0
∗ ⌜y0 = InjRV (v, #ℓ)⌝
--------------------------------------∗
both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some a av: val ℓa: loc Ha'': a = InjRV (av, #ℓa)
"Ha" : ∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
∗ ⌜a = InjRV (v, #ℓ)⌝
--------------------------------------∗
is_adj_var a
∗ mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] w: val ℓ': loc Ha: InjRV (w, #ℓ')
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, InjRV (w, #ℓ'), b))]) ++
K₂ .in y ./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) i: nat Hi: (defs K₁ ++ [aₓ]) !! i = Some (InjRV (w, #ℓ')) av: val ℓa: loc Ha'': InjRV (w, #ℓ') = InjRV (av, #ℓa)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
both_mapto_diff K₁ ((x, (op, a, b)) :: K₂) y a b
-∗ backward_inv K₁ ((x, (op, a, b)) :: K₂) y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
backward_inv K₁ ((x, (op, a, b)) :: K₂) y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
"HK₁" : [∗ list] y0 ∈ (defs K₁ ++ [aₓ]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
(K₁ ++
[(x,
(op, a,
b))])
K₂ y y0
∗ ⌜y0 =
InjRV
(v,
#ℓ)⌝
--------------------------------------∗
[∗ list] u ∈ (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]), ∃ (v : val)
(ℓ : loc),
mapsto_diff
K₁
((x,
(op,
a, b))
:: K₂)
y u
∗ ⌜
u =
InjRV
(v,
#ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #())
∀ (k : nat) (y0 : val),
(defs K₁ ++ [aₓ]) !! k = Some y0
→ (λ (_ : nat) (y1 : val),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y y1
∗ ⌜y1 = InjRV (v, #ℓ)⌝) k y0
-∗ (λ (_ : nat) (y1 : val),
∃ (v : val) (ℓ : loc),
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y
y1 ∗ ⌜y1 = InjRV (v, #ℓ)⌝) k y0
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat y': val Hk: (defs K₁ ++ [aₓ]) !! k = Some y'
(λ (_ : nat) (y0 : val),
∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y y0
∗ ⌜y0 = InjRV (v, #ℓ)⌝) k y'
-∗ (λ (_ : nat) (y0 : val),
∃ (v : val) (ℓ : loc),
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y y0
∗ ⌜y0 = InjRV (v, #ℓ)⌝) k y'
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat y': val Hk: (defs K₁ ++ [aₓ]) !! k = Some y'
(∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y y'
∗ ⌜y' = InjRV (v, #ℓ)⌝)
-∗ ∃ (v : val) (ℓ : loc),
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y y'
∗ ⌜y' = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat y': val Hk: (defs K₁ ++ [aₓ]) !! k = Some y' H: y' ∈ defs K₁ ++ [aₓ]
(∃ (v : val) (ℓ : loc),
mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y y'
∗ ⌜y' = InjRV (v, #ℓ)⌝)
-∗ ∃ (v : val) (ℓ : loc),
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y y'
∗ ⌜y' = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat w: val ℓ': loc H: InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] Hk: (defs K₁ ++ [aₓ]) !! k = Some (InjRV (w, #ℓ'))
"Hy" : mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
(InjRV (w, #ℓ'))
--------------------------------------∗
∃ (v : val) (ℓ : loc),
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y
(InjRV (w, #ℓ'))
∗ ⌜InjRV (w, #ℓ') = InjRV (v, #ℓ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat w: val ℓ': loc H: InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] Hk: (defs K₁ ++ [aₓ]) !! k = Some (InjRV (w, #ℓ'))
"Hy" : mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
(InjRV (w, #ℓ'))
--------------------------------------∗
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y
(InjRV (w, #ℓ')) ∗ ⌜InjRV (w, #ℓ') = InjRV (w, #ℓ')⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x: val op: Binop a, b: val aₓ:= InjRV (nᵣ, #ℓₓ): val ϱ:= ((λ_ : val, r) .{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}: val → R Hdefs: ∀a : val,
a ∈ defs K₁ ++ [aₓ]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) HND: NoDup (defs K₁ ++ [aₓ]) Hx: x ∉ defs K₁ ++ [aₓ] Ha: a
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hb: b
∈ defs K₁ ++
[InjLV (InjLV #()); InjLV (InjRV #()); aₓ] Hdiff: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let (K₁ ++ [(x, (op, a, b))]) ++ K₂ .in y
./ ∂ aₓ .at ϱ) v: val ℓ: loc Ha': a = InjLV (InjLV #()) ∨ a = InjLV (InjRV #()) Hb': b = InjLV (InjLV #()) ∨ b = InjLV (InjRV #()) k: nat w: val ℓ': loc H: InjRV (w, #ℓ') ∈ defs K₁ ++ [aₓ] Hk: (defs K₁ ++ [aₓ]) !! k = Some (InjRV (w, #ℓ'))
"Hy" : mapsto_diff (K₁ ++ [(x, (op, a, b))]) K₂ y
(InjRV (w, #ℓ'))
--------------------------------------∗
mapsto_diff K₁ ((x, (op, a, b)) :: K₂) y
(InjRV (w, #ℓ'))
iApply (mapsto_diff_update with"Hy");
[done|byintros ->| |];
intros ->; naive_solver.}Qed.Endbackward_invariant.Sectionlibrary_implementation_of_expressions.Context `{!cgraphG Σ, !heapG Σ}
{R : Set} {RS : RingSig R}
{N : Num} {Ψ : iEff Σ} {NSpec : NumSpec N Ψ RS}.Variables (γ : gname)
(ℓₓ : loc)
(r : R)
(nᵣ : val).Notationa₀ := (InjLV (InjLV #()))%V.Notationa₁ := (InjLV (InjRV #()))%V.Notationaₓ := (InjRV (nᵣ, #ℓₓ))%V.Notationadj_vars := ([a₀; a₁; aₓ]) (only parsing).Notationrepresents := (represents γ ℓₓ nᵣ) (only parsing).(* If we give the predicate [represents] directly in the definition of [ExprNumSpec], then some unsolved goals remain. With this silly definition they don't. *)Definitionimplements_expr : val → Expr () → iProp Σ :=
represents.Definitionto_val : Binop → val :=
λop, match op withAdd => InjLV #() | Mul => InjRV #() end.Definitionargs : Binop → val → val → val :=
λopab, ((to_val op), (a, b)%V)%V.DefinitionAD : iEff Σ :=
(>> (op : Binop) (a b : val) (el er : Expr ()) >>
! (args op a b) {{ represents a el ∗ represents b er }};
<< (x : val) <<
? (x) {{ represents x (Node _ op el er) }}).
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, v: val Φ: val -d> iPropO Σ
protocol_agreement v AD Φ
⊣⊢ (∃ (op : Binop) (ab : val) (eler : Expr ()),
⌜v = args op a b⌝
∗ (verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er) -∗ Φ x))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, v: val Φ: val -d> iPropO Σ
protocol_agreement v AD Φ
⊣⊢ (∃ (op : Binop) (ab : val) (eler : Expr ()),
⌜v = args op a b⌝
∗ (verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er) -∗ Φ x))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ, v: val Φ: val -d> iPropO Σ
(∃.. x : [tele (_ : Binop) (_ _ : val) (_ _ : Expr ())],
⌜v =
tele_app
(λ (x0 : Binop) (x1x2 : val) (__ : Expr ()),
(to_val x0, (x1, x2))%V) x⌝
∗ tele_app
(λ (_ : Binop) (x1x2 : val) (x3x4 : Expr ()),
unseal uPred_sep_aux (iResUR Σ)
(verification.represents γ ℓₓ nᵣ x1 x3)
(verification.represents γ ℓₓ nᵣ x2 x4)) x
∗ (∀.. y : [tele _ : val], tele_app
(tele_app
(λ (x0 : Binop)
(__ : val)
(x3x4 : Expr ())
(x5 : val),
unseal
uPred_exist_aux
(iResUR Σ) val
(λa : val,
∃b : val,
is_entry
γ x5
(x0, a,
b)
∗ (fix
represents
(u : val)
(e :
Expr
())
{struct
e} :
iProp
Σ :=
match
e
with
| Oₑ =>
⌜u =
a₀⌝
| Iₑ =>
⌜u =
a₁⌝
| Leaf
_ _ =>
⌜u =
InjRV
(nᵣ,
#ℓₓ)⌝
| Node
_ op
el er =>
∃a0b0 : val,
is_entry
γ u
(op,
a0,
b0)
∗
represents
a0 el
∗
represents
b0 er
end)
a x3
∗ (fix
represents
(u : val)
(e :
Expr
())
{struct
e} :
iProp
Σ :=
match
e
with
| Oₑ =>
⌜u =
a₀⌝
| Iₑ =>
⌜u =
a₁⌝
| Leaf
_ _ =>
⌜u =
InjRV
(nᵣ,
#ℓₓ)⌝
| Node
_ op
el er =>
∃a0b0 : val,
is_entry
γ u
(op,
a0,
b0)
∗
represents
a0 el
∗
represents
b0 er
end)
b x4))
x) y
-∗ Φ
(tele_app
(tele_app
(λ (_ : Binop)
(__ : val)
(__ : Expr
())
(x5 : val),
x5) x) y)))
⊣⊢ (∃ (op : Binop) (ab : val) (eler : Expr ()),
⌜v = args op a b⌝
∗ (verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er) -∗ Φ x))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP perform op a b
@ E <| AD |> {{ x, implements_expr x
(Node () op el er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP perform op a b
@ E <| AD |> {{ x, implements_expr x
(Node () op el er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
EWP perform op a b
@ E <| AD |> {{ x, implements_expr x
(Node () op el er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
EWP (λ: "a""b", do:(to_val op, ("a", "b")))%V a b
@ E <| AD |> {{ x, implements_expr x
(Node () op el er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
EWP Eff (to_val op, (a, b)) EmptyCtx
@ E <| AD |> {{ x, ∃ab : val,
is_entry γ x (op, a, b)
∗ implements_expr a el
∗ implements_expr b er }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
protocol_agreement (to_val op, (a, b)) AD
(λw : val,
▷ EWP fill EmptyCtx w
@ E <| AD |> {{ x, ∃ab : val,
is_entry γ x (op, a, b)
∗ implements_expr a el
∗ implements_expr b er }})
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
∃ (op0 : Binop) (a0b0 : val) (el0er0 : Expr ()),
⌜(to_val op, (a, b))%V = args op0 a0 b0⌝
∗ (verification.represents γ ℓₓ nᵣ a0 el0
∗ verification.represents γ ℓₓ nᵣ b0 er0)
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op0 el0 er0)
-∗ ▷ EWP fill EmptyCtx x
@ E <| AD |> {{ x0, ∃ab : val,
is_entry γ x0
(op, a, b)
∗ implements_expr
a el
∗ implements_expr
b er }})
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
"Ha" : implements_expr a el
"Hb" : implements_expr b er
--------------------------------------∗
⌜(to_val op, (a, b))%V = args op a b⌝
∗ (verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er)
-∗ ▷ EWP fill EmptyCtx x
@ E <| AD |> {{ x0, ∃ab : val,
is_entry γ x0
(op, a, b)
∗ implements_expr a
el
∗ implements_expr
b er }})
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
--------------------------------------∗
⌜(to_val op, (a, b))%V = args op a b⌝
∗ (∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er)
-∗ ▷ EWP fill EmptyCtx x
@ E <| AD |> {{ x0, ∃ab : val,
is_entry γ x0
(op, a, b)
∗ implements_expr a el
∗ implements_expr b
er }})
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr ()
--------------------------------------∗
∀x : val,
verification.represents γ ℓₓ nᵣ x (Node () op el er)
-∗ ▷ EWP fill EmptyCtx x
@ E <| AD |> {{ x0, ∃ab : val,
is_entry γ x0 (op, a, b)
∗ implements_expr a el
∗ implements_expr b er }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr () x: val
"Hx" : verification.represents γ ℓₓ nᵣ x
(Node () op el er)
--------------------------------------∗
▷ EWP fill EmptyCtx x
@ E <| AD |> {{ x, ∃ab : val,
is_entry γ x (op, a, b)
∗ implements_expr a el
∗ implements_expr b er }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr () x: val
"Hx" : verification.represents γ ℓₓ nᵣ x
(Node () op el er)
--------------------------------------∗
EWP fill EmptyCtx x
@ E <| AD |> {{ x, ∃ab : val,
is_entry γ x (op, a, b)
∗ implements_expr a el
∗ implements_expr b er }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset op: Binop a, b: val el, er: Expr () x: val
"Hx" : verification.represents γ ℓₓ nᵣ x
(Node () op el er)
--------------------------------------∗
∃ab : val,
is_entry γ x (op, a, b)
∗ implements_expr a el ∗ implements_expr b er
iFrame.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP add a b
@ E <| AD |> {{ x, implements_expr x (el +ₑ er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP add a b
@ E <| AD |> {{ x, implements_expr x (el +ₑ er) }}
apply (perform_spec E Add).Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP mul a b
@ E <| AD |> {{ x, implements_expr x (el ×ₑ er) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val E: coPset a, b: val el, er: Expr ()
implements_expr a el
-∗ implements_expr b er
-∗ EWP mul a b
@ E <| AD |> {{ x, implements_expr x (el ×ₑ er) }}
apply (perform_spec E Mul).Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
⊢ implements_expr a₀ (Oₑ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
⊢ implements_expr a₀ (Oₑ)
by iPureIntro.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
⊢ implements_expr a₁ (Iₑ)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v, l: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr ()
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} in
verification.forward_inv γ ℓₓ r nᵣ K
-∗ verification.represents γ ℓₓ nᵣ u eᵤ
-∗ EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ
K ∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr ()
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} in
verification.forward_inv γ ℓₓ r nᵣ K
-∗ verification.represents γ ℓₓ nᵣ u eᵤ
-∗ EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ
K ∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hcases: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = a₀ ∨ u = a₁
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP get_val u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hcases: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = a₀ ∨ u = a₁
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end)%V u
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hcases: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ u = a₀ ∨ u = a₁
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u = a₀
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ a₀ eᵤ
--------------------------------------∗
EWP match: a₀ with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) a₀) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u = a₁
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ a₁ eᵤ
--------------------------------------∗
EWP match: a₁ with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) a₁) }}
(* TODO: cleanup. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
_ : is_current_context γ K
_ : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[a₀; a₁; InjRV (nᵣ, #ℓₓ)]}⌝
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some u
_ : is_current_context γ K
_ : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[a₀; a₁; InjRV (nᵣ, #ℓₓ)]}⌝
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some u
_ : is_current_context γ K
_ : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[a₀; a₁; InjRV (nᵣ, #ℓₓ)]}⌝
"Hheap" : (∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y ∈ (defs K ++
[InjRV (nᵣ, #ℓₓ)]), ⌜
k ≠ i⌝
→
∃ (v : val)
(ℓ : loc),
implements
v
(((((λ_ : val,
r)
.{[ a₀
:= Oᵣ]})
.{[ a₁
:= Iᵣ]})
.{[ K]})
y)
∗
ℓ ↦ nzero
∗ ⌜
y =
InjRV
(v,
#ℓ)⌝)
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context u: val eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K Hu: u ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some u
_ : is_current_context γ K
_ : ⌜∀u : val,
u ∈ defs K
→ vars (LetK .in u)
⊆ {[a₀; a₁; InjRV (nᵣ, #ℓₓ)]}⌝
"Hu'" : ∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hheap" : [∗ list] k↦y ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
⌜k ≠ i⌝
→ ∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) y)
∗ ℓ ↦ nzero ∗ ⌜y = InjRV (v, #ℓ)⌝
"Hu" : verification.represents γ ℓₓ nᵣ u eᵤ
--------------------------------------∗
EWP match: u with
InjL "x" =>
match: "x"with
InjL <> => nzero
| InjR <> => none
end
| InjR "x" => Fst "x"end
<| Ψ |> {{ v, verification.forward_inv γ ℓₓ r nᵣ K
∗ implements v ((ϱ .{[ K]}) u) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context eᵤ: Expr () ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R Ha₀: a₀ ∉ defs K Ha₁: a₁ ∉ defs K v: val ℓ: loc Hu: InjRV (v, #ℓ) ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i =
Some (InjRV (v, #ℓ))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} inletϑ := ϱ .{[ K₁]} in
x = InjRV (v, #ℓ)
→ verification.mapsto_diff r K₁ K₂ y x
-∗ EWP get_diff x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y
x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} inletϑ := ϱ .{[ K₁]} in
x = InjRV (v, #ℓ)
→ verification.mapsto_diff r K₁ K₂ y x
-∗ EWP get_diff x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y
x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ)
"Hx" : verification.mapsto_diff r K₁ K₂ y x
--------------------------------------∗
EWP get_diff x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP get_diff x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP get_diff x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP (λ: "x",
match: "x"with
InjL <> => #() #()
| InjR "x" => ! (Snd "x")
end)%V x
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP match: x with
InjL <> => #() #()
| InjR "x" => ! (Snd "x")
end
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP match: InjRV (v, #ℓ) with
InjL <> => #() #()
| InjR "x" => ! (Snd "x")
end
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP ! #ℓ
<| Ψ |> {{ d, verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
∀v : val,
(λv' : val, ⌜v' = d⌝ ∗ ℓ ↦ d) v
={⊤}=∗ verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements v s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
|={⊤}=> verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.mapsto_diff r K₁ K₂ y x
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.mapsto_diff r K₁ K₂ y x
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
∃s : R,
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.mapsto_diff r K₁ K₂ y x
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R v': val ℓ': loc Hx: InjRV (v', #ℓ') = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v', #ℓ')
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v', #ℓ')
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ' ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R v': val ℓ': loc Hx: InjRV (v', #ℓ') = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v', #ℓ')
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]})) H0: v' = v H1: ℓ' = ℓ
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
byauto.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
∃s : R,
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
∃s : R,
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
implements d s ∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁, K₂: context y, x, v: val ℓ: loc ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁]}: val → R Hx: x = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))
"Hs" : implements d s
--------------------------------------□
implements d s
∗ ⌜s =ᵣ (∂ LetK₂ .in y ./ ∂ x .at (ϱ .{[ K₁]}))⌝
by iSplit.}Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () x, v: val ℓ: loc d, i: val s, ds: R
x = InjRV (v, #ℓ)
→ ℓ ↦ d
-∗ implements d s
-∗ implements i ds
-∗ EWP update x i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () x, v: val ℓ: loc d, i: val s, ds: R
x = InjRV (v, #ℓ)
→ ℓ ↦ d
-∗ implements d s
-∗ implements i ds
-∗ EWP update x i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update (InjRV (v, #ℓ)) i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP (λ: "x""incr",
match: "x"with
InjL <> => #()
| InjR "x" =>
let: "xd" := Snd "x"in"xd" <- nadd ! "xd""incr"end)%V (InjRV (v, #ℓ)) i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP #ℓ <- nadd ! #ℓ i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP ! #ℓ
<| Ψ |> {{ v, EWP fill
(ConsCtx (StoreRCtx #ℓ)
(ConsCtx (AppLCtx i)
(ConsCtx (AppRCtx nadd)
EmptyCtx))) v
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
∀v : val,
(λv' : val, ⌜v' = d⌝ ∗ ℓ ↦ d) v
={⊤}=∗ EWP fill
(ConsCtx (StoreRCtx #ℓ)
(ConsCtx (AppLCtx i)
(ConsCtx (AppRCtx nadd) EmptyCtx)))
v
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx (StoreRCtx #ℓ)
(ConsCtx (AppLCtx i)
(ConsCtx (AppRCtx nadd) EmptyCtx)))
d
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP fill
(ConsCtx (StoreRCtx #ℓ)
(ConsCtx (AppLCtx i)
(ConsCtx (AppRCtx nadd) EmptyCtx))) d
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP #ℓ <- nadd d i
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
(#ℓ <- nadd d i)%E = fill_item (StoreRCtx ?e1) ?Goal
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP ?Goal
<| Ψ |> {{ v0, EWP fill_item (StoreRCtx ?e1) v0
<| Ψ |> {{ _,
∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP nadd d i
<| Ψ |> {{ v, EWP fill_item (StoreRCtx #ℓ) v
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∀v : val,
(λx : val, implements x (s +ᵣ ds)) v
={⊤}=∗ EWP fill_item (StoreRCtx #ℓ) v
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d
∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R w: val
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hw" : implements w (s +ᵣ ds)
--------------------------------------∗
|={⊤}=> EWP fill_item (StoreRCtx #ℓ) w
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R w: val
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hw" : implements w (s +ᵣ ds)
--------------------------------------∗
EWP fill_item (StoreRCtx #ℓ) w
<| Ψ |> {{ _, ∃d : val,
ℓ ↦ d ∗ implements d (s +ᵣ ds) }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R w: val
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hw" : implements w (s +ᵣ ds)
--------------------------------------∗
∀v : val,
(λ_ : val, ℓ ↦ w) v
={⊤}=∗ ∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ ds)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R w, u: val
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hw" : implements w (s +ᵣ ds)
"Hℓ" : ℓ ↦ w
--------------------------------------∗
|={⊤}=> ∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ ds)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () v: val ℓ: loc d, i: val s, ds: R w, u: val
"Hd" : implements d s
"Hi" : implements i ds
--------------------------------------□
"Hw" : implements w (s +ᵣ ds)
"Hℓ" : ℓ ↦ w
--------------------------------------∗
∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ ds)
byeauto.Qed.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () x, w, i: val
x = InjLV w → ⊢ EWP update x i <| Ψ |> {{ _, True }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () x, w, i: val
x = InjLV w → ⊢ EWP update x i <| Ψ |> {{ _, True }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () w, i: val
⊢ EWP update (InjLV w) i <| Ψ |> {{ _, True }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () w, i: val
by ewp_pure_steps.Qed.(* This lemma will be useful in the verification of the return branch. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr ()
e =ₑ s
→ verification.forward_inv γ ℓₓ r nᵣ K
-∗ verification.represents γ ℓₓ nᵣ y s
-∗ EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r
nᵣ e K [] y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr ()
e =ₑ s
→ verification.forward_inv γ ℓₓ r nᵣ K
-∗ verification.represents γ ℓₓ nᵣ y s
-∗ EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r
nᵣ e K [] y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}))
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hcases: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ y = a₀ ∨ y = a₁
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hcases: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)])
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hcases: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hcases: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
"Hy" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hcases: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
∨ y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hin: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hy: y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hheap" : [∗ list] u ∈
(defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hin: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hin: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some y
"Hheap" : [∗ list] u ∈ (defs K ++ [InjRV (nᵣ, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) u)
∗ ℓ ↦ nzero ∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hin: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some y
"Hheap" : (∃ (v : val) (ℓ : loc),
implements v
(((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]}) .{[ K]}) y)
∗ ℓ ↦ nzero ∗ ⌜y = InjRV (v, #ℓ)⌝)
∗ ([∗ list] k↦y ∈ (defs K ++
[InjRV (nᵣ, #ℓₓ)]), ⌜
k ≠ i⌝
→
∃ (v : val)
(ℓ : loc),
implements
v
(((((λ_ : val,
r)
.{[ a₀
:= Oᵣ]})
.{[ a₁
:= Iᵣ]})
.{[ K]})
y)
∗
ℓ ↦ nzero
∗ ⌜
y =
InjRV
(v,
#ℓ)⌝)
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, verification.backward_inv ℓₓ r nᵣ e K []
y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hin: y ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)] HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) i: nat Hi: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! i = Some y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K: context y: val s: Expr () He: e =ₑ s Hs: (∂ s ./ ∂ () .at (λ_ : (), r)) =
(∂ LetK .in y ./ ∂ InjRV (nᵣ, #ℓₓ)
.at (((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})) Hy: y = a₀ ∨ y = a₁ HND: NoDup (defs K ++ [InjRV (nᵣ, #ℓₓ)]) Hdefs: ∀a : val,
a ∈ defs K ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) v: val k: nat ℓ'': loc w: val Hk: (defs K ++ [InjRV (nᵣ, #ℓₓ)]) !! k =
Some (InjRV (w, #ℓ''))
InjRV (w, #ℓ'') ≠ y
bydestruct Hy as [Hy|Hy]; rewrite Hy.}Qed.Sectionupdate_twice_spec.Add RingLocalRing : is_semi_ring.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} inletϑ := ϱ .{[ K₁ ++ [(x, (op, a, b))]]} in
x ≠ a
→ x ≠ b
→ da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
→ db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
→ implements ia da
-∗ implements ib db
-∗ verification.both_mapto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
-∗ EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b))
:: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R
letϱ :=
((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]} inletϑ := ϱ .{[ K₁ ++ [(x, (op, a, b))]]} in
x ≠ a
→ x ≠ b
→ da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
→ db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
→ implements ia da
-∗ implements ib db
-∗ verification.both_mapto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
-∗ EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b))
:: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
implements ia da
-∗ implements ib db
-∗ verification.both_mapto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
-∗ EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r
K₁ ((x, (op, a, b)) :: K₂) y
a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
verification.both_mapto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a b
-∗ EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) H: (∃w : val, a = InjLV w)
∨ (∃ (n : val) (ℓ : loc), a = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Ha: (∃w : val, a = InjLV w)
∨ (∃ (n : val) (ℓ : loc), a = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Ha: (∃w : val, a = InjLV w)
∨ (∃ (n : val) (ℓ : loc), a = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _,
verification.both_mapto_diff r
K₁
((x, (op, a, b)) :: K₂) y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
∀v : val,
(λ_ : val, True) v
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, update b ib))
v
<| Ψ |> {{ _, verification.both_mapto_diff r
K₁ ((x, (op, a, b)) :: K₂) y
a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
|={⊤}=> EWP fill_item (AppRCtx (λ: <>, update b ib))
v'
<| Ψ |> {{ _, verification.both_mapto_diff r
K₁ ((x, (op, a, b)) :: K₂) y a
b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP fill_item (AppRCtx (λ: <>, update b ib)) v'
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP v';; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP λ: <>, update b ib
<| Ψ |> {{ v, EWP fill_item (AppLCtx v') v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP (λ: <>, update b ib)%V
<| Ψ |> {{ v, EWP fill_item (AppLCtx v') v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP fill_item (AppLCtx v') (λ: <>, update b ib)%V
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP (λ: <>, update b ib)%V v'
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP subst' <> v'
(subst' <> (λ: <>, update b ib) (update b ib))
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
EWP update a ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
EWP update a ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
∀v : val,
(λ_ : val, True) v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a w: val Ha: a = InjLV w v': val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val Hab: a ≠ b H: (∃w : val, b = InjLV w)
∨ (∃ (n : val) (ℓ : loc), b = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w v': val Hab: a ≠ b Hb: (∃w : val, b = InjLV w)
∨ (∃ (n : val) (ℓ : loc), b = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b Hb: (∃w : val, b = InjLV w)
∨ (∃ (n : val) (ℓ : loc), b = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
∀v : val,
(λ_ : val, True) v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
∀v : val,
(λ_ : val,
∃d : val, ℓ' ↦ d ∗ implements d (s +ᵣ db)) v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
(∃d : val, ℓ' ↦ d ∗ implements d (s +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
(∃d : val, ℓ' ↦ d ∗ implements d (s +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
(∃d : val, ℓ' ↦ d ∗ implements d (s +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
implements d (s +ᵣ db)
∗ ⌜(s +ᵣ db) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
"Hℓ'" : ℓ' ↦ d
--------------------------------------∗
⌜(s +ᵣ db) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ db)
--------------------------------------□
⌜(s +ᵣ db) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
(s +ᵣ db) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ b
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ b
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ b
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ b
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ b
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ (∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ b
.at (ϱ .{[ K₁]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) w: val Ha: a = InjLV w Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d, v: val ℓ: loc H: b = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ b
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) b)]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ b
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ match op with
| Add =>
(if decide (b = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (b = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (b = a) then Iᵣ else Oᵣ)
×ᵣ (ϱ .{[ K₁]}) b +ᵣ
(ϱ .{[ K₁]}) a
×ᵣ (if decide (b = b) then Iᵣ else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Ha" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y a
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) d: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update a ia
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, update b ib)) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
∀v : val,
(λ_ : val,
∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ da)) v
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, update b ib))
v
<| Ψ |> {{ _, verification.both_mapto_diff r
K₁ ((x, (op, a, b)) :: K₂) y
a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d s
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ da))
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, update b ib)) w
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) d: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ da))
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, update b ib)) w
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d (s +ᵣ da))
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, update b ib)) w
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
|={⊤}=> EWP fill_item (AppRCtx (λ: <>, update b ib)) w
<| Ψ |> {{ _, verification.both_mapto_diff r
K₁ ((x, (op, a, b)) :: K₂) y a
b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP fill_item (AppRCtx (λ: <>, update b ib)) w
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP w;; update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP λ: <>, update b ib
<| Ψ |> {{ v, EWP fill_item (AppLCtx w) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP (λ: <>, update b ib)%V
<| Ψ |> {{ v, EWP fill_item (AppLCtx w) v
<| Ψ |> {{ _, verification.both_mapto_diff
r K₁
((x, (op, a, b)) :: K₂)
y a b }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP fill_item (AppLCtx w) (λ: <>, update b ib)%V
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP subst' <> w
(subst' <> (λ: <>, update b ib) (update b ib))
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update a ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update a ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
∀v : val,
(λ_ : val,
∃d : val, ℓ ↦ d ∗ implements d ((s +ᵣ da) +ᵣ db))
v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) d, w: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d ((s +ᵣ da) +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) d, w: val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d ((s +ᵣ da) +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
(∃d : val, ℓ ↦ d ∗ implements d ((s +ᵣ da) +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, a)) :: K₂) y a a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
is_adj_var a
∗ verification.mapsto_diff r K₁
((x, (op, a, a)) :: K₂) y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
verification.mapsto_diff r K₁ ((x, (op, a, a)) :: K₂)
y a
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d, v': val ℓ': loc H: a = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ' ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d, v': val ℓ': loc H: a = InjRV (v', #ℓ')
v' = v
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val ℓ': loc H: a = InjRV (v, #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ' ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d, v': val ℓ': loc H: a = InjRV (v', #ℓ')
v' = v
bysimplify_eq.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val ℓ': loc H: a = InjRV (v, #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ' ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val ℓ': loc H: a = InjRV (v, #ℓ')
ℓ' = ℓ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val ℓ': loc H: a = InjRV (v, #ℓ')
ℓ' = ℓ
bysimplify_eq.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
implements d ((s +ᵣ da) +ᵣ db)
∗ ⌜((s +ᵣ da) +ᵣ db) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
"Hℓ" : ℓ ↦ d
--------------------------------------∗
⌜((s +ᵣ da) +ᵣ db) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d ((s +ᵣ da) +ᵣ db)
--------------------------------------□
"Hb" : ⌜a ≠ a⌝
-∗ is_adj_var a
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, a))]) K₂ y a
--------------------------------------∗
⌜((s +ᵣ da) +ᵣ db) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
((s +ᵣ da) +ᵣ db) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
(((∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
(((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) a ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
(((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})))) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})))) =ᵣ
(∂ Let (x, (op, a, a)) :: K₂ .in y ./ ∂ a
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
(((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})))) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, a))]]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]}))
×ᵣ (∂ Node val op (Leaf val a) (Leaf val a) ./ ∂ a
.at (ϱ .{[ K₁]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, a))]]}: val → R Hxa: x ≠ a Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ a v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, a))]]})) w, d: val H: a = InjRV (v, #ℓ)
(((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) a)]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) a)]})))) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]})
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) a)]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) a)]}))
×ᵣ match op with
| Add =>
(if decide (a = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (a = a) then Iᵣ else Oᵣ)
| Mul =>
(if decide (a = a) then Iᵣ else Oᵣ)
×ᵣ (ϱ .{[ K₁]}) a +ᵣ
(ϱ .{[ K₁]}) a
×ᵣ (if decide (a = a) then Iᵣ else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hb" : ⌜a ≠ b⌝
-∗ is_adj_var b
∗ verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
"Hℓ" : ℓ ↦ d
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b H: (∃w : val, b = InjLV w)
∨ (∃ (n : val) (ℓ : loc), b = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b Hb: (∃w : val, b = InjLV w)
∨ (∃ (n : val) (ℓ : loc), b = InjRV (n, #ℓ))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
∀v : val,
(λ_ : val, True) v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w'
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' w: val l: loc H: a = InjRV (w, #l)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ l ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' w: val l: loc H: a = InjRV (w, #l)
w = v
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' l: loc H: a = InjRV (v, #l)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ l ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' w: val l: loc H: a = InjRV (w, #l)
w = v
bysimplify_eq.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' l: loc H: a = InjRV (v, #l)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ l ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' l: loc H: a = InjRV (v, #l)
l = ℓ
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' l: loc H: a = InjRV (v, #l)
l = ℓ
bysimplify_eq.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∃ (d : val) (s : R),
implements d s
∗ ⌜s =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
implements d (s +ᵣ da)
∗ ⌜(s +ᵣ da) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
⌜(s +ᵣ da) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝ ∗ ℓ ↦ d
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
⌜(s +ᵣ da) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))⌝
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
(s +ᵣ da) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) b ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else (ϱ .{[ K₁]}) b ×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})))) =ᵣ
(∂ Let (x, (op, a, b)) :: K₂ .in y ./ ∂ a
.at (ϱ .{[ K₁]}))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ a
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at (ϱ .{[ K₁ ++ [(x, (op, a, b))]]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ (∂ Node val op (Leaf val a) (Leaf val b) ./ ∂ a
.at (ϱ .{[ K₁]})))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b w': val Hb: b = InjLV w' H: a = InjRV (v, #ℓ)
((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a)
((ϱ .{[ K₁]}) b)]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ a
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) a) ((ϱ .{[ K₁]}) b)]}))
×ᵣ match op with
| Add =>
(if decide (a = a) then Iᵣ else Oᵣ) +ᵣ
(if decide (a = b) then Iᵣ else Oᵣ)
| Mul =>
(if decide (a = a) then Iᵣ else Oᵣ)
×ᵣ (ϱ .{[ K₁]}) b +ᵣ
(ϱ .{[ K₁]}) a
×ᵣ (if decide (a = b) then Iᵣ else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ')
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hb" : verification.mapsto_diff r
(K₁ ++ [(x, (op, a, b))]) K₂ y b
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d': val s': R H: s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' s'
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hℓ'" : ℓ' ↦ d'
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d': val s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' s'
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hℓ'" : ℓ' ↦ d'
--------------------------------------∗
EWP update b ib
<| Ψ |> {{ _, verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d': val s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]}))
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' s'
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
∀v : val,
(λ_ : val,
∃d : val, ℓ' ↦ d ∗ implements d (s' +ᵣ db)) v
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d': val s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' s'
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
(∃d : val, ℓ' ↦ d ∗ implements d (s' +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') d': val s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
(∃d : val, ℓ' ↦ d ∗ implements d (s' +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w: val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
--------------------------------------□
"Hℓ" : ℓ ↦ d
--------------------------------------∗
(∃d : val, ℓ' ↦ d ∗ implements d (s' +ᵣ db))
={⊤}=∗ verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d': val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' (s' +ᵣ db)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hℓ'" : ℓ' ↦ d'
--------------------------------------∗
|={⊤}=> verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop a, b, ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ϑ:= ϱ .{[ K₁ ++ [(x, (op, a, b))]]}: val → R Hxa: x ≠ a Hxb: x ≠ b Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) b
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) a
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) v: val ℓ: loc Ha: a = InjRV (v, #ℓ) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ a
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) d: val Hab: a ≠ b v': val ℓ': loc Hb: b = InjRV (v', #ℓ') s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ b
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁ ++ [(x, (op, a, b))]]})) w, d': val
"Hia" : implements ia da
"Hib" : implements ib db
"Hd" : implements d (s +ᵣ da)
"Hd'" : implements d' (s' +ᵣ db)
--------------------------------------□
"Hℓ" : ℓ ↦ d
"Hℓ'" : ℓ' ↦ d'
--------------------------------------∗
verification.both_mapto_diff r K₁
((x, (op, a, b)) :: K₂) y a b
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ℓ0: loc v0: val Hxa: x ≠ InjRV (v0, #ℓ0) v': val ℓ': loc ϑ:= ϱ
.{[ K₁ ++
[(x, (op, InjRV (v0, #ℓ0), InjRV (v', #ℓ')))]]}: val → R Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v', #ℓ'))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v0, #ℓ0))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v0, #ℓ0), InjRV (v', #ℓ')))]]})) d: val Hab: InjRV (v0, #ℓ0) ≠ InjRV (v', #ℓ') s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v', #ℓ')
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v0, #ℓ0),
InjRV (v', #ℓ')))]]})) w, d': val
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})
else
(ϱ .{[ K₁]}) (InjRV (v', #ℓ'))
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]}))
×ᵣ match op with
| Add =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ) +ᵣ
(if decide (InjRV (v0, #ℓ0) = InjRV (v', #ℓ'))
then Iᵣ
else Oᵣ)
| Mul =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ) ×ᵣ (ϱ .{[ K₁]}) (InjRV (v', #ℓ')) +ᵣ
(ϱ .{[ K₁]}) (InjRV (v0, #ℓ0))
×ᵣ (if
decide
(InjRV (v0, #ℓ0) = InjRV (v', #ℓ'))
then Iᵣ
else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R v: val ℓ, ℓ0: loc v0: val ϑ:= ϱ
.{[ K₁ ++
[(x, (op, InjRV (v, #ℓ), InjRV (v0, #ℓ0)))]]}: val → R Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v0, #ℓ0))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v, #ℓ))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxa: x ≠ InjRV (v, #ℓ) Hxb: x ≠ InjRV (v0, #ℓ0) s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v, #ℓ)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v, #ℓ), InjRV (v0, #ℓ0)))]]})) d: val Hab: InjRV (v, #ℓ) ≠ InjRV (v0, #ℓ0) s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v, #ℓ), InjRV (v0, #ℓ0)))]]})) w, d': val
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v, #ℓ)))
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v, #ℓ)))
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))]})
else
(ϱ .{[ K₁]}) (InjRV (v, #ℓ))
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op
((ϱ .{[ K₁]}) (InjRV (v, #ℓ)))
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v, #ℓ)))
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v, #ℓ)))
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))]}))
×ᵣ match op with
| Add =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v, #ℓ))
then Iᵣ
else Oᵣ) +ᵣ
(if decide (InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ)
| Mul =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v, #ℓ))
then Iᵣ
else Oᵣ) ×ᵣ (ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)) +ᵣ
(ϱ .{[ K₁]}) (InjRV (v, #ℓ))
×ᵣ (if
decide
(InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: list (val * (Binop * val * val)) K₂: context y, x: val op: Binop ia, ib: val da, db: R ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R ℓ0: loc v0: val Hxa: x ≠ InjRV (v0, #ℓ0) v': val ℓ': loc ϑ:= ϱ
.{[ K₁ ++
[(x, (op, InjRV (v0, #ℓ0), InjRV (v', #ℓ')))]]}: val → R Hda: da =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v', #ℓ'))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hdb: db =ᵣ
(if op
then ∂ LetK₂ .in y ./ ∂ x .at ϑ
else
(ϱ .{[ K₁]}) (InjRV (v0, #ℓ0))
×ᵣ (∂ LetK₂ .in y ./ ∂ x .at ϑ)) Hxb: x ≠ InjRV (v', #ℓ') s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v0, #ℓ0), InjRV (v', #ℓ')))]]})) d: val Hab: InjRV (v0, #ℓ0) ≠ InjRV (v', #ℓ') s': R Hs': s' =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (v', #ℓ')
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]})
.{[ K₁ ++
[(x,
(op, InjRV (v0, #ℓ0),
InjRV (v', #ℓ')))]]})) w, d': val
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})) +ᵣ
(if op
then
∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})
else
(ϱ .{[ K₁]}) (InjRV (v', #ℓ'))
×ᵣ (∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op
((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})))) =ᵣ
((∂ LetK₂ .in y ./ ∂ InjRV (v0, #ℓ0)
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]})) +ᵣ
(∂ LetK₂ .in y ./ ∂ x
.at ((ϱ .{[ K₁]}) .{[ x
:= denote op ((ϱ .{[ K₁]}) (InjRV (v0, #ℓ0)))
((ϱ .{[ K₁]}) (InjRV (v', #ℓ')))]}))
×ᵣ match op with
| Add =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ) +ᵣ
(if decide (InjRV (v0, #ℓ0) = InjRV (v', #ℓ'))
then Iᵣ
else Oᵣ)
| Mul =>
(if decide (InjRV (v0, #ℓ0) = InjRV (v0, #ℓ0))
then Iᵣ
else Oᵣ) ×ᵣ (ϱ .{[ K₁]}) (InjRV (v', #ℓ')) +ᵣ
(ϱ .{[ K₁]}) (InjRV (v0, #ℓ0))
×ᵣ (if
decide
(InjRV (v0, #ℓ0) = InjRV (v', #ℓ'))
then Iᵣ
else Oᵣ)
end)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: context f: val
EWP f (InjRV (nᵣ, #ℓₓ))
<| verification.AD γ ℓₓ nᵣ |> {{ y, ∃s : Expr (),
verification.represents
γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝ }}
-∗ verification.forward_inv γ ℓₓ r nᵣ K₁
-∗ EWP handle f (InjRV (nᵣ, #ℓₓ))
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: context f: val
EWP f (InjRV (nᵣ, #ℓₓ))
<| verification.AD γ ℓₓ nᵣ |> {{ y, ∃s : Expr (),
verification.represents
γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝ }}
-∗ verification.forward_inv γ ℓₓ r nᵣ K₁
-∗ EWP handle f (InjRV (nᵣ, #ℓₓ))
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: context f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R
EWP f (InjRV (nᵣ, #ℓₓ))
<| verification.AD γ ℓₓ nᵣ |> {{ y, ∃s : Expr (),
verification.represents
γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝ }}
-∗ verification.forward_inv γ ℓₓ r nᵣ K₁
-∗ EWP handle f (InjRV (nᵣ, #ℓₓ))
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: context f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R
"Hf" : EWP f (InjRV (nᵣ, #ℓₓ))
<| verification.AD γ ℓₓ nᵣ |> {{ y, ∃s : Expr
(),
verification.represents
γ ℓₓ nᵣ
y s
∗ ⌜e =ₑ s⌝ }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP handle f (InjRV (nᵣ, #ℓₓ))
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () K₁: context f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val
"Hy" : ∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
▷ EWP (λ: "res", update "res" none)%V y
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val
"Hy" : ∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP (λ: "res", update "res" none)%V y
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val s: Expr () H: e =ₑ s
"Hs" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP (λ: "res", update "res" none)%V y
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val s: Expr () He: e =ₑ s
"Hs" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP (λ: "res", update "res" none)%V y
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val s: Expr () He: e =ₑ s
"Hs" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP update y none
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context y: val s: Expr () He: e =ₑ s
"Hs" : verification.represents γ ℓₓ nᵣ y s
--------------------------------------□
∀v : val,
(λ_ : val,
verification.backward_inv ℓₓ r nᵣ e K₁ [] y) v
={⊤}=∗ ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁ K₂ y
byeauto.
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context args, k: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context args, k: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context args, k: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context args, k: val
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hk" : ∀x : val,
verification.represents γ ℓₓ nᵣ x
(Node () op el er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP let: "op" := Fst (args op a b) inlet: "a" := Fst (Snd (args op a b)) inlet: "b" := Snd (Snd (args op a b)) inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create (nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP let: "av" := get_val a inlet: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create (nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP get_val a
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "av",
let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create
(nadd "av""bv") in
k "x";;
let: "xd" := get_diff
"x"in
update a "xd";;
update b "xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";;
update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
∀v : val,
(λv0 : val,
verification.forward_inv γ ℓₓ r nᵣ K₁
∗ implements v0
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}) a)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "av",
let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create
(nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr ()
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
∀v : val,
(λv0 : val,
verification.forward_inv γ ℓₓ r nᵣ K₁
∗ implements v0 ((ϱ .{[ K₁]}) a)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "av",
let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create
(nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "av",
let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create
(nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end)) av
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP fill_item
(AppRCtx
(λ: "av",
let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create (nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end)) av
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP let: "av" := av inlet: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create (nadd "av""bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP let: "bv" := get_val b inmatch: to_val op with
InjL <> =>
let: "x" := create (nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP get_val b
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "bv",
match: to_val op with
InjL <> =>
let: "x" := create
(nadd av
"bv") in
k "x";;
let: "xd" := get_diff
"x"in
update a "xd";;
update b "xd"
| InjR <> =>
let: "x" := create
(nmul av
"bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
∀v : val,
(λv0 : val,
verification.forward_inv γ ℓₓ r nᵣ K₁
∗ implements v0
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁
:= Iᵣ]}) .{[ K₁]}) b)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "bv",
match: to_val op with
InjL <> =>
let: "x" := create
(nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
∀v : val,
(λv0 : val,
verification.forward_inv γ ℓₓ r nᵣ K₁
∗ implements v0 ((ϱ .{[ K₁]}) b)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "bv",
match: to_val op with
InjL <> =>
let: "x" := create
(nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end)) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "bv",
match: to_val op with
InjL <> =>
let: "x" := create
(nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create
(nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end)) bv
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP fill_item
(AppRCtx
(λ: "bv",
match: to_val op with
InjL <> =>
let: "x" := create (nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end)) bv
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP let: "bv" := bv inmatch: to_val op with
InjL <> =>
let: "x" := create (nadd av "bv") in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av "bv") in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val op with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)])
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val op with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val op with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val op with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k: val op: Binop a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (op, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val op with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val Addwith
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜
e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val Mul with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
(* Add. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val Addwith
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP create (nadd av bv)
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff "x"in
update a "xd";;
update b "xd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP nadd av bv
<| Ψ |> {{ v, EWP fill_item (AppRCtx create) v
<| Ψ |> {{ v0, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" :=
get_diff "x"in
update a "xd";;
update b "xd"))
v0
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ
e K₁ K₂
y }} }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
∀v : val,
(λx : val,
implements x ((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b))
v
={⊤}=∗ EWP fill_item (AppRCtx create) v
<| Ψ |> {{ v0, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff
"x"in
update a "xd";;
update b "xd")) v0
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁
K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
|={⊤}=> EWP fill_item (AppRCtx create) xv
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff
"x"in
update a "xd";;
update b "xd")) v
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁
K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP fill_item (AppRCtx create) xv
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff "x"in
update a "xd";;
update b "xd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP create xv
<| Ψ |> {{ v, EWP let: "x" := v in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
∀v : val,
(λw : val,
∃ℓ : loc, ⌜w = InjRV (xv, #ℓ)⌝ ∗ ℓ ↦ nzero) v
={⊤}=∗ EWP let: "x" := v in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv, x': val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
(∃ℓ : loc, ⌜x' = InjRV (xv, #ℓ)⌝ ∗ ℓ ↦ nzero)
={⊤}=∗ EWP let: "x" := x' in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hx" : x ↦ nzero
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hx" : x ↦ nzero
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal0
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(InjRV (?Goal0, #x), (Add, a, b))]]})
(InjRV (?Goal0, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (?Goal0, #x))
(el +ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜
e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (?Goal0, #x), (Add, a, b))])
--------------------------------------∗
|={⊤}=> EWP let: "x" :=
InjRV (xv, #x) in
k "x";;
let: "xd" :=
get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal0
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(InjRV (?Goal0, #x), (Add, a, b))]]})
(InjRV (?Goal0, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal0
((ϱ .{[ K₁ ++ [(InjRV (?Goal0, #x), (Add, a, b))]]})
(InjRV (?Goal0, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal0 ((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
by iApply "Hxv".
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (xv, #x)) (el +ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (xv, #x)) (el +ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
--------------------------------------∗
EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
--------------------------------------∗
EWP k (InjRV (xv, #x));;
let: "xd" := get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
(* Continuation call. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
--------------------------------------∗
EWP k (InjRV (xv, #x))
<| Ψ |> {{ v, EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV
(xv,
#x)) in
update a "xd";;
update b "xd")) EmptyCtx)
v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP k (InjRV (xv, #x)) <| Ψ |> {{ v, ?Goal0 v }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
∀v : val,
?Goal0 v
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" :=
get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) v
<| Ψ |> {{ _,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ
e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP k (InjRV (xv, #x)) <| Ψ |> {{ v, ?Goal0 v }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))])
--------------------------------------∗
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create (nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V (λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝) ?x
by iApply ("IH"with"Hinv").
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a +ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Add, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
∀v : val,
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y)
v
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
--------------------------------------∗
∀v : val,
(∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y)
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val
--------------------------------------∗
(∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y)
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂
y
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂
y
--------------------------------------∗
EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂
y
--------------------------------------∗
EWP w;;
let: "xd" := get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂
y
--------------------------------------∗
EWP let: "xd" := get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hx" : verification.mapsto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
(InjRV (xv, #x))
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "xd" := get_diff (InjRV (xv, #x)) in
update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hx" : verification.mapsto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
(InjRV (xv, #x))
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
EWP get_diff (InjRV (xv, #x))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";;
update b "xd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λd : val,
verification.mapsto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
(InjRV (xv, #x))
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]})
.{[ K₁ ++
[(InjRV (xv, #x), (Add, a, b))]]}))⌝))
v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";; update b "xd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
"Hxd" : ∃s : R,
implements xd s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]})
.{[ K₁ ++
[(InjRV (xv, #x), (Add, a, b))]]}))⌝
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";; update b "xd")) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
"Hxd" : ∃s : R,
implements xd s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++
[(InjRV (xv, #x), (Add, a, b))]]}))⌝
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";; update b "xd")) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";; update b "xd")) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "xd",
update a "xd";; update b "xd")) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
EWP fill_item
(AppRCtx
(λ: "xd", update a "xd";; update b "xd")) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "xd" := xd in update a "xd";; update b "xd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Add, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
EWP update a xd;; update b xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λ_ : val,
verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂) y a b) v
={⊤}=∗ ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁ K₂ y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
"Hinv" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂) y a b
--------------------------------------∗
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁ K₂ y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Add, a, b))]]}))
"Hxd" : implements xd s
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Add, a, b))
:: K₂) y
"Hinv" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Add, a, b)) :: K₂) y a b
--------------------------------------∗
verification.backward_inv ℓₓ r nᵣ e K₁
((?Goal0, (Add, a, b)) :: K₂) y
by iApply "Hfinisher".
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val Mul with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
(* Mul. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP match: to_val Mul with
InjL <> =>
let: "x" := create (nadd av bv) in
k "x";;
let: "xd" := get_diff "x"in
update a "xd";; update b "xd"
| InjR <> =>
let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"end
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP let: "x" := create (nmul av bv) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP create (nmul av bv)
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP nmul av bv
<| Ψ |> {{ v, EWP fill_item (AppRCtx create) v
<| Ψ |> {{ v0, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul bv "xd"inlet: "bd" :=
nmul av "xd"in
update a "ad";;
update b "bd"))
v0
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ
e K₁ K₂
y }} }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ)
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
∀v : val,
(λx : val,
implements x ((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b))
v
={⊤}=∗ EWP fill_item (AppRCtx create) v
<| Ψ |> {{ v0, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff
"x"inlet: "ad" := nmul
bv
"xd"inlet: "bd" := nmul
av
"xd"in
update a "ad";;
update b "bd")) v0
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁
K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
|={⊤}=> EWP fill_item (AppRCtx create) xv
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff
"x"inlet: "ad" := nmul bv
"xd"inlet: "bd" := nmul av
"xd"in
update a "ad";;
update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context)
(y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁
K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP fill_item (AppRCtx create) xv
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
EWP create xv
<| Ψ |> {{ v, EWP let: "x" := v in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
∀v : val,
(λw : val,
∃ℓ : loc, ⌜w = InjRV (xv, #ℓ)⌝ ∗ ℓ ↦ nzero) v
={⊤}=∗ EWP let: "x" := v in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv, x': val
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
--------------------------------------∗
(∃ℓ : loc, ⌜x' = InjRV (xv, #ℓ)⌝ ∗ ℓ ↦ nzero)
={⊤}=∗ EWP let: "x" := x' in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hx" : x ↦ nzero
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ K₁
"Hx" : x ↦ nzero
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(InjRV (?Goal, #x), (Mul, a, b))]]})
(InjRV (?Goal, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (?Goal, #x))
(el ×ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜
e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (?Goal, #x), (Mul, a, b))])
--------------------------------------∗
|={⊤}=> EWP let: "x" :=
InjRV (xv, #x) in
k "x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul bv "xd"inlet: "bd" :=
nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal
(((((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]})
.{[ K₁ ++ [(InjRV (?Goal, #x), (Mul, a, b))]]})
(InjRV (?Goal, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal
((ϱ .{[ K₁ ++ [(InjRV (?Goal, #x), (Mul, a, b))]]})
(InjRV (?Goal, #x)))
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
--------------------------------------□
implements ?Goal ((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
by iApply "Hxv".
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (xv, #x)) (el ×ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
--------------------------------------∗
|={⊤}=> EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : verification.represents γ ℓₓ nᵣ
(InjRV (xv, #x)) (el ×ₑ er)
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
--------------------------------------∗
EWP let: "x" := InjRV (xv, #x) in
k "x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
--------------------------------------∗
EWP k (InjRV (xv, #x));;
let: "xd" := get_diff (InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
(* Continuation call. *)
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
--------------------------------------∗
EWP k (InjRV (xv, #x))
<| Ψ |> {{ v, EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV
(xv,
#x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd")) EmptyCtx)
v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP k (InjRV (xv, #x)) <| Ψ |> {{ v, ?Goal v }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" :=
Fst "args"inlet: "a" :=
Fst (Snd "args") inlet: "b" :=
Snd (Snd "args") inlet: "av" :=
get_val "a"inlet: "bv" :=
get_val "b"inmatch: "op"with
InjL <> =>
let: "x" :=
create (nadd "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" :=
create (nmul "av""bv") in"k""x";;
let: "xd" :=
get_diff "x"inlet: "ad" :=
nmul "bv""xd"inlet: "bd" :=
nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
∀v : val,
?Goal v
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" :=
get_diff (InjRV (xv, #x)) inlet: "ad" :=
nmul bv "xd"inlet: "bd" :=
nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) v
<| Ψ |> {{ _,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ
e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
"Hk" : ∀x : val,
(∃ab : val,
is_entry γ x (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er)
-∗ ∀ (Ψ'' : iEff Σ) (Φ'' : val -d> iPropO Σ),
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";;
update "b""xd"
| InjR <> =>
let: "x" := create
(nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";;
update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ''
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ
y s ∗ ⌜e =ₑ s⌝) Φ''
-∗ EWP k x <| Ψ'' |> {{ v, Φ'' v }}
--------------------------------------∗
EWP k (InjRV (xv, #x)) <| Ψ |> {{ v, ?Goal v }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
"Hinv" : verification.forward_inv γ ℓₓ r nᵣ
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))])
--------------------------------------∗
▷ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create (nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V (λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝) ?x
by iApply ("IH"with"Hinv").
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"IH" : ∀a : context,
verification.forward_inv γ ℓₓ r nᵣ a
-∗ deep_handler ⊤
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := get_val "a"inlet: "bv" := get_val "b"inmatch: "op"with
InjL <> =>
let: "x" := create
(nadd "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
update "a""xd";; update "b""xd"
| InjR <> =>
let: "x" := create (nmul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := nmul "bv""xd"inlet: "bd" := nmul "av""xd"in
update "a""ad";; update "b""bd"end)%V
(λ: "res", update "res" none)%V
(verification.AD γ ℓₓ nᵣ) Ψ
(λy : val,
∃s : Expr (),
verification.represents γ ℓₓ nᵣ y s
∗ ⌜e =ₑ s⌝)
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
a K₂ y)
"Ha" : verification.represents γ ℓₓ nᵣ a el
"Hb" : verification.represents γ ℓₓ nᵣ b er
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxv" : implements xv
((ϱ .{[ K₁]}) a ×ᵣ (ϱ .{[ K₁]}) b)
"Hx'" : ∃ab : val,
is_entry γ (InjRV (xv, #x)) (Mul, a, b)
∗ verification.represents γ ℓₓ nᵣ a el
∗ verification.represents γ ℓₓ nᵣ b er
--------------------------------------□
∀v : val,
(λ_ : val,
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y)
v
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
∀v : val,
(∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y)
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
(∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y)
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂
y
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff
(InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂
y
--------------------------------------∗
EWP fill
(ConsCtx
(AppRCtx
(λ: <>,
let: "xd" := get_diff (InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) w
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂
y
--------------------------------------∗
EWP w;;
let: "xd" := get_diff (InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂
y
--------------------------------------∗
EWP let: "xd" := get_diff (InjRV (xv, #x)) inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hinv" : verification.backward_inv ℓₓ r nᵣ e
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂
y
--------------------------------------∗
EWP get_diff (InjRV (xv, #x))
<| Ψ |> {{ v, EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd")) EmptyCtx)
v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hx" : verification.mapsto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
(InjRV (xv, #x))
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP get_diff (InjRV (xv, #x))
<| Ψ |> {{ v, EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";;
update b "bd")) EmptyCtx)
v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λd : val,
verification.mapsto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
(InjRV (xv, #x))
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]})
.{[ K₁ ++
[(InjRV (xv, #x), (Mul, a, b))]]}))⌝))
v
={⊤}=∗ EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
"Hxd" : ∃s : R,
implements xd s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at ((((λ_ : val, r) .{[ a₀ := Oᵣ]})
.{[ a₁ := Iᵣ]})
.{[ K₁ ++
[(InjRV (xv, #x), (Mul, a, b))]]}))⌝
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
"Hxd" : ∃s : R,
implements xd s
∗ ⌜s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++
[(InjRV (xv, #x), (Mul, a, b))]]}))⌝
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R H: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP fill
(ConsCtx
(AppRCtx
(λ: "xd",
let: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"))
EmptyCtx) xd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "xd" := xd inlet: "ad" := nmul bv "xd"inlet: "bd" := nmul av "xd"in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "ad" := nmul bv xd inlet: "bd" := nmul av xd in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP nmul bv xd
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "ad",
let: "bd" := nmul av xd in
update a "ad";;
update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]}))
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λx : val, implements x ((ϱ .{[ K₁]}) b ×ᵣ s)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "ad",
let: "bd" := nmul av xd in
update a "ad";; update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "ad",
let: "bd" := nmul av xd in
update a "ad";; update b "bd")) ad
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP fill_item
(AppRCtx
(λ: "ad",
let: "bd" := nmul av xd in
update a "ad";; update b "bd")) ad
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "ad" := ad inlet: "bd" := nmul av xd in
update a "ad";; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "bd" := nmul av xd in
update a ad;; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP nmul av xd
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "bd",
update a ad;; update b "bd"))
v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv
ℓₓ r nᵣ e K₁ K₂ y }} }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λx : val, implements x ((ϱ .{[ K₁]}) a ×ᵣ s)) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "bd",
update a ad;; update b "bd")) v
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ
r nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "bd", update a ad;; update b "bd"))
bd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r
nᵣ e K₁ K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP fill_item
(AppRCtx (λ: "bd", update a ad;; update b "bd"))
bd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP let: "bd" := bd in update a ad;; update b "bd"
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hab" : verification.both_mapto_diff r
(K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]) K₂ y
a b
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
EWP update a ad;; update b bd
<| Ψ |> {{ _, ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁
K₂ y }}
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
--------------------------------------∗
∀v : val,
(λ_ : val,
verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂) y a b) v
={⊤}=∗ ∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁ K₂ y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
"Hinv" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂) y a b
--------------------------------------∗
∃ (K₂ : context) (y : val),
verification.backward_inv ℓₓ r nᵣ e K₁ K₂ y
Σ: gFunctors cgraphG0: cgraphG Σ heapG0: heapG Σ R: Set RS: RingSig R RA: IsRing R N: Num Ψ: iEff Σ NSpec: NumSpec N Ψ RS γ: gname ℓₓ: loc r: R nᵣ: val e: Expr () f: val ϱ:= ((λ_ : val, r) .{[ a₀ := Oᵣ]}) .{[ a₁ := Iᵣ]}: val → R K₁: context k, a, b: val el, er: Expr () av, bv: val HND: NoDup (defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]) Ha: a ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hb: b ∈ defs K₁ ++ [a₀; a₁; InjRV (nᵣ, #ℓₓ)] Hdefs: ∀a : val,
a ∈ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)]
→ ∃ (v : val) (ℓ : loc), a = InjRV (v, #ℓ) xv: val x: loc Hx: ∀v : val,
InjRV (v, #x) ∉ defs K₁ ++ [InjRV (nᵣ, #ℓₓ)] w: val K₂: context y, xd: val s: R Hs: s =ᵣ
(∂ LetK₂ .in y ./ ∂ InjRV (xv, #x)
.at (ϱ
.{[ K₁ ++ [(InjRV (xv, #x), (Mul, a, b))]]})) ad, bd: val
"Hav" : implements av ((ϱ .{[ K₁]}) a)
"Hbv" : implements bv ((ϱ .{[ K₁]}) b)
"Hxd" : implements xd s
"Had" : implements ad ((ϱ .{[ K₁]}) b ×ᵣ s)
"Hbd" : implements bd ((ϱ .{[ K₁]}) a ×ᵣ s)
--------------------------------------□
"Hfinisher" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂)
y a b
-∗ verification.backward_inv ℓₓ r nᵣ e
K₁
((InjRV (xv, #x), (Mul, a, b))
:: K₂) y
"Hinv" : verification.both_mapto_diff r K₁
((InjRV (xv, #x), (Mul, a, b)) :: K₂) y a b
--------------------------------------∗
verification.backward_inv ℓₓ r nᵣ e K₁
((?Goal, (Mul, a, b)) :: K₂) y
by iApply "Hfinisher".}}Qed.Endproof_of_handle.Sectionproof_of_diff.Context `{R₁: !cgraphG Σ, R₂: !heapG Σ}.
"Hclient" : isExp f e
--------------------------------------∗
isExp (diff f) (∂ e ./ ∂ () .at (λ_ : (), Xₑ))
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num
"Hclient" : isExp f e
--------------------------------------∗
EWP diff f N
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num
"Hclient" : isExp f e
--------------------------------------∗
EWP let: "vf" := f ADNum inλ: "a",
let: "x" := create "a"in
handle "vf""x";; get_diff "x"
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num
"Hclient" : isExp f e
--------------------------------------∗
EWP f ADNum
<| ⊥ |> {{ v, EWP fill_item
(AppRCtx
(λ: "vf""a",
let: "x" := create "a"in
handle "vf""x";;
get_diff "x")) v
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig
R)
(_ : IsRing R) (Ψ :
iEff Σ)
(NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜
s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num
"Hclient" : EWP f ADNum
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R)
(_ : IsRing R) (Ψ : iEff
Σ)
(NSpec : NumSpec ADNum Ψ
RS) (x : val)
(r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜
s =ᵣ
eval
(map
(λ_ : (),
r) e)⌝ }} }}
--------------------------------------∗
EWP f ADNum
<| ⊥ |> {{ v, EWP fill_item
(AppRCtx
(λ: "vf""a",
let: "x" := create "a"in
handle "vf""x";;
get_diff "x")) v
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig
R)
(_ : IsRing R) (Ψ :
iEff Σ)
(NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜
s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num
--------------------------------------∗
∀v : val,
(∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ :
iEff Σ)
(NSpec : NumSpec ADNum Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP v x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) e)⌝ }})
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "vf""a",
let: "x" := create "a"in
handle "vf""x";; get_diff "x"))
v
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R)
(_ : IsRing R) (Ψ : iEff Σ)
(NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
--------------------------------------∗
|={⊤}=> EWP fill_item
(AppRCtx
(λ: "vf""a",
let: "x" := create "a"in
handle "vf""x";; get_diff "x"))
vf
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R)
(_ : IsRing R) (Ψ : iEff Σ)
(NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
--------------------------------------∗
EWP fill_item
(AppRCtx
(λ: "vf""a",
let: "x" := create "a"in
handle "vf""x";; get_diff "x")) vf
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
--------------------------------------∗
EWP let: "vf" := vf inλ: "a",
let: "x" := create "a"in
handle "vf""x";; get_diff "x"
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
--------------------------------------∗
∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ : iEff
Σ)
(NSpec : NumSpec N Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP (λ: "a",
let: "x" := create "a"in
handle vf "x";; get_diff "x")%V x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
--------------------------------------∗
EWP (λ: "a",
let: "x" := create "a"in
handle vf "x";; get_diff "x")%V x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
--------------------------------------∗
EWP let: "x" := create x in
handle vf "x";; get_diff "x"
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
--------------------------------------∗
EWP create x
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: "x",
handle vf "x";; get_diff "x"))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
--------------------------------------∗
∀v : val,
(λw : val,
∃ℓ : loc, ⌜w = InjRV (x, #ℓ)⌝ ∗ ℓ ↦ nzero) v
={⊤}=∗ EWP fill_item
(AppRCtx
(λ: "x",
handle vf "x";; get_diff "x")) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ': val
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
"Hℓₓ" : ℓₓ ↦ nzero
--------------------------------------∗
EWP fill_item
(AppRCtx (λ: "x", handle vf "x";; get_diff "x"))
(InjRV (x, #ℓₓ))
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
"Hℓₓ" : ℓₓ ↦ nzero
--------------------------------------∗
EWP let: "x" := InjRV (x, #ℓₓ) in
handle vf "x";; get_diff "x"
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
"Hℓₓ" : ℓₓ ↦ nzero
--------------------------------------∗
EWP handle vf (InjRV (x, #ℓₓ));;
get_diff (InjRV (x, #ℓₓ))
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
"Hℓₓ" : ℓₓ ↦ nzero
--------------------------------------∗
EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff (InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hx" : implements x r
"Hℓₓ" : ℓₓ ↦ nzero
--------------------------------------∗
|={⊤}=> EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff
(InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
|={⊤}=> EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff
(InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ e
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff (InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff (InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ())
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
EWP handle vf (InjRV (x, #ℓₓ))
<| Ψ |> {{ v, EWP fill_item
(AppRCtx
(λ: <>,
get_diff (InjRV (x, #ℓₓ))))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hvf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
EWP handle vf aₓ
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, get_diff aₓ)) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hvf" : ∀ (Ψ : iEff Σ) (NSpec : NumSpec ADNum Ψ
(ExprRing ())) (x : val)
(r : Expr ()),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : Expr (),
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r) e)⌝ }}
"Hinv" : forward_inv γ ℓₓ r x []
--------------------------------------∗
EWP handle vf aₓ
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, get_diff aₓ)) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hinv" : forward_inv γ ℓₓ r x []
"Hvf" : EWP vf aₓ
<| Ψ_client |> {{ y, ∃s : Expr (),
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), Xₑ)
e)⌝ }}
--------------------------------------∗
EWP handle vf aₓ
<| Ψ |> {{ v, EWP fill_item
(AppRCtx (λ: <>, get_diff aₓ)) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hinv" : forward_inv γ ℓₓ r x []
"Hvf" : EWP vf aₓ
<| Ψ_client |> {{ y, ∃s : Expr (),
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), Xₑ)
e)⌝ }}
--------------------------------------∗
EWP handle vf aₓ <| Ψ |> {{ v, ?Goal v }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
--------------------------------------∗
∀v : val,
?Goal v
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, get_diff aₓ))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜
s =ᵣ
eval
(map
(λ_ : (), r)
(∂ e ./ ∂ tt .at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hinv" : forward_inv γ ℓₓ r x []
"Hvf" : EWP vf aₓ
<| Ψ_client |> {{ y, ∃s : Expr (),
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), Xₑ)
e)⌝ }}
--------------------------------------∗
EWP handle vf aₓ <| Ψ |> {{ v, ?Goal v }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
"Hvf" : EWP vf aₓ
<| Ψ_client |> {{ y, ∃s : Expr (),
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), Xₑ)
e)⌝ }}
--------------------------------------∗
EWP vf (InjRV (x, #ℓₓ))
<| AD γ ℓₓ x |> {{ y, ∃s : Expr (),
represents γ ℓₓ x y s
∗ ⌜?Goal0 =ₑ s⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
--------------------------------------∗
∀v : val,
(∃s : Expr (),
implements v s
∗ ⌜s =ᵣ eval (map (λ_ : (), Xₑ) e)⌝)
={⊤}=∗ ∃s : Expr (),
represents γ ℓₓ x v s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val
--------------------------------------∗
(∃s : Expr (),
implements y s ∗ ⌜s =ᵣ eval (map (λ_ : (), Xₑ) e)⌝)
={⊤}=∗ ∃s : Expr (),
represents γ ℓₓ x y s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () H: s =ᵣ eval (map (λ_ : (), Xₑ) e)
"Hs" : implements y s
--------------------------------------∗
|={⊤}=> ∃s : Expr (),
represents γ ℓₓ x y s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
"Hs" : implements y s
--------------------------------------∗
|={⊤}=> ∃s : Expr (),
represents γ ℓₓ x y s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
"Hs" : implements y s
--------------------------------------∗
∃s : Expr (), represents γ ℓₓ x y s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
"Hs" : implements y s
--------------------------------------∗
represents γ ℓₓ x y s ∗ ⌜?Goal0 =ₑ s⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
?Goal0 =ₑ s
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val y: val s: Expr () He: s =ᵣ eval (map (λ_ : (), Xₑ) e)
s =ₑ ?y
byapply He.
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val
--------------------------------------∗
∀v : val,
(λ_ : val,
∃ (K₂ : context) (y : val),
backward_inv ℓₓ r x
(eval (map (λ_ : (), Xₑ) e)) [] K₂ y) v
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, get_diff aₓ))
v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val
--------------------------------------∗
(∃ (K₂ : context) (y : val),
backward_inv ℓₓ r x (eval (map (λ_ : (), Xₑ) e))
[] K₂ y)
={⊤}=∗ EWP fill_item (AppRCtx (λ: <>, get_diff aₓ)) w
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val
"Hinv" : backward_inv ℓₓ r x
(eval (map (λ_ : (), Xₑ) e)) [] K y
--------------------------------------∗
|={⊤}=> EWP fill_item (AppRCtx (λ: <>, get_diff aₓ)) w
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val
"Hinv" : backward_inv ℓₓ r x
(eval (map (λ_ : (), Xₑ) e)) [] K y
--------------------------------------∗
EWP fill_item (AppRCtx (λ: <>, get_diff aₓ)) w
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val
"Hinv" : backward_inv ℓₓ r x
(eval (map (λ_ : (), Xₑ) e)) [] K y
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val H: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (x, #ℓₓ)
.at (((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hheap" : [∗ list] u ∈ (defs [] ++ [InjRV (x, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
mapsto_diff r [] K y u
∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y
./ ∂ InjRV (x, #ℓₓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hheap" : [∗ list] u ∈ (defs [] ++ [InjRV (x, #ℓₓ)]),
∃ (v : val) (ℓ : loc),
mapsto_diff r [] K y u
∗ ⌜u = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y
./ ∂ InjRV (x, #ℓₓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hx" : ∃ (v : val) (ℓ : loc),
mapsto_diff r [] K y (InjRV (x, #ℓₓ))
∗ ⌜InjRV (x, #ℓₓ) = InjRV (v, #ℓ)⌝
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R ℓₓ: loc γ: gname Ψ_client:= AD γ ℓₓ x: iEff Σ NSpec_client:= ADNumSpec γ ℓₓ x: NumSpec ADNum (AD γ ℓₓ x) (ExprRing ()) aₓ:= InjRV (x, #ℓₓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y
./ ∂ InjRV (x, #ℓₓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})) v: val ℓ: loc H: InjRV (x, #ℓₓ) = InjRV (v, #ℓ)
"Hx" : mapsto_diff r [] K y (InjRV (x, #ℓₓ))
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hx" : mapsto_diff r [] K y (InjRV (v, #ℓ))
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hx" : mapsto_diff r [] K y aₓ
--------------------------------------∗
EWP w;; get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
"Hx" : mapsto_diff r [] K y aₓ
--------------------------------------∗
EWP get_diff aₓ
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
--------------------------------------∗
∀v : val,
(λd : val,
mapsto_diff r [] K y aₓ
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK .in y ./ ∂ aₓ
.at ((((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})
.{[ []]}))⌝)) v
={⊤}=∗ ∃s : R,
implements v s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt .at (λ_ : (), Xₑ)))⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})) d: val
--------------------------------------∗
mapsto_diff r [] K y aₓ
∗ (∃s : R,
implements d s
∗ ⌜s =ᵣ
(∂ LetK .in y ./ ∂ aₓ
.at ((((λ_ : val, r) .{[ InjLV (InjLV #())
:= Oᵣ]}) .{[ InjLV (InjRV #()) := Iᵣ]})
.{[ []]}))⌝)
={⊤}=∗ ∃s : R,
implements d s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ e ./ ∂ tt .at (λ_ : (), Xₑ)))⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})) d: val
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y: val Hdiff_output: (∂ eval (map (λ_ : (), Xₑ) e) ./ ∂ ()
.at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]})) d: val s: R H: s =ᵣ
(∂ LetK .in y ./ ∂ aₓ
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}) .{[ []]}))
s =ᵣ
eval
(map (λ_ : (), r) (∂ e ./ ∂ () .at (λ_ : (), Xₑ)))
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y, d: val s: R H: s =ᵣ
(∂ LetK .in y ./ ∂ aₓ
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}) .{[ []]})) Hdiff_output: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
s =ᵣ
eval
(map (λ_ : (), r) (∂ e ./ ∂ () .at (λ_ : (), Xₑ)))
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ f: Num → expr e: Expr () N: Num vf: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS r: R γ: gname ℓ: loc v: val Ψ_client:= AD γ ℓ v: iEff Σ NSpec_client:= ADNumSpec γ ℓ v: NumSpec ADNum (AD γ ℓ v) (ExprRing ()) aₓ:= InjRV (v, #ℓ): val w: val K: context y, d: val s: R H: s =ᵣ
(∂ LetK .in y ./ ∂ aₓ
.at ((((λ_ : val, r) .{[
InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}) .{[ []]})) Hdiff_output: (∂ e ./ ∂ () .at (λ_ : (), r)) =ᵣ
(∂ Let [] ++ K .in y ./ ∂
InjRV (v, #ℓ)
.at (((λ_ : val, r)
.{[ InjLV (InjLV #()) := Oᵣ]})
.{[ InjLV (InjRV #()) := Iᵣ]}))
s =ᵣ (∂ e ./ ∂ () .at (λ_ : (), r))
byrewrite Hdiff_output.Qed.Endproof_of_diff.
Ignoring canonical projection to discrete_ofe_mixin by
ofe_mixin in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to discrete_dist by
ofe_dist in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
Ignoring canonical projection to equivL by ofe_equiv
in nodeO: redundant with fracO
[redundant-canonical-projection,typechecker]
(** * Clients. *)(** We have proved that [diff] satisfies a given specification. Now, we implement some clients of [diff] to see what kind of results we can derive from that.*)Sectionclients.(* First, we provide a concrete implementation of integers. (Integers are unbounded in our calculus.) This will unlock the derivation functionality where arithmetical operators are interpreted as the standard addition and multiplication on integers. *)Sectionring_of_integers.Context `{!irisG eff_lang Σ}.Program InstanceZNum : Num := {
nzero := #0%Z;
none := #1%Z;
nadd := (λ: "a""b", "a" + "b")%V;
nmul := (λ: "a""b", "a" * "b")%V;
}.Program InstanceZNumSpec : NumSpec ZNum ⊥%ieff ZRing := {
implements := λvn, ⌜ v = #n ⌝%I;
}.(* Implements Oᵣ. *)
Σ: gFunctors irisG0: irisG eff_lang Σ
⊢ (λ (v : val) (n : Z), ⌜v = #n⌝) nzero (Oᵣ)
auto.Qed.(* Implements Iᵣ. *)
Σ: gFunctors irisG0: irisG eff_lang Σ
⊢ (λ (v : val) (n : Z), ⌜v = #n⌝) none (Iᵣ)
auto.Qed.(* Implements +ᵣ. *)
Σ: gFunctors irisG0: irisG eff_lang Σ
∀ (E : coPset) (ab : val) (rs : Z),
(λ (v : val) (n : Z), ⌜v = #n⌝) a r
-∗ (λ (v : val) (n : Z), ⌜v = #n⌝) b s
-∗ EWP nadd a b
@ E <| ⊥ |> {{ x, (λ (v : val) (n : Z),
⌜v = #n⌝) x (r +ᵣ s) }}
∀ (E : coPset) (ab : val) (rs : Z),
(λ (v : val) (n : Z), ⌜v = #n⌝) a r
-∗ (λ (v : val) (n : Z), ⌜v = #n⌝) b s
-∗ EWP nmul a b
@ E <| ⊥ |> {{ x, (λ (v : val) (n : Z),
⌜v = #n⌝) x (r ×ᵣ s) }}
--------------------------------------∗
EWP x_cube N
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R) (_ : IsRing
R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
((Xₑ)
×ₑ ((Xₑ)
×ₑ
(Xₑ))))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num
--------------------------------------∗
∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ : iEff
Σ)
(NSpec : NumSpec N Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP x_cube N x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
((Xₑ) ×ₑ ((Xₑ) ×ₑ (Xₑ))))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hx" : implements x r
--------------------------------------□
EWP x_cube N x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
((Xₑ) ×ₑ ((Xₑ) ×ₑ (Xₑ))))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hx" : implements x r
--------------------------------------□
EWP (λ: "x", nmul "x" (nmul "x""x"))%V x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
((Xₑ) ×ₑ ((Xₑ) ×ₑ (Xₑ))))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hx" : implements x r
--------------------------------------□
EWP nmul x (nmul x x)
<| Ψ |> {{ y, ∃s : R,
implements y s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hx" : implements x r
--------------------------------------□
EWP nmul x x
<| Ψ |> {{ v, EWP fill_item (AppRCtx (nmul x)) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R
"Hx" : implements x r
--------------------------------------□
∀v : val,
(λx : val, implements x (r ×ᵣ r)) v
={⊤}=∗ EWP fill_item (AppRCtx (nmul x)) v
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
|={⊤}=> EWP fill_item (AppRCtx (nmul x)) y
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
EWP fill_item (AppRCtx (nmul x)) y
<| Ψ |> {{ y, ∃s : R,
implements y s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
EWP nmul x y
<| Ψ |> {{ y, ∃s : R,
implements y s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
∀v : val,
(λx : val, implements x (r ×ᵣ (r ×ᵣ r))) v
={⊤}=∗ ∃s : R,
implements v s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y, z: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
"Hz" : implements z (r ×ᵣ (r ×ᵣ r))
--------------------------------------∗
|={⊤}=> ∃s : R, implements z s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y, z: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
"Hz" : implements z (r ×ᵣ (r ×ᵣ r))
--------------------------------------∗
∃s : R, implements z s ∗ ⌜s =ᵣ r ×ᵣ (r ×ᵣ r)⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ N: Num R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec N Ψ RS x: val r: R y, z: val
"Hx" : implements x r
"Hy" : implements y (r ×ᵣ r)
--------------------------------------□
"Hz" : implements z (r ×ᵣ (r ×ᵣ r))
--------------------------------------∗
implements z (r ×ᵣ (r ×ᵣ r))
∗ ⌜r ×ᵣ (r ×ᵣ r) =ᵣ r ×ᵣ (r ×ᵣ r)⌝
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ n: Z vdiff: val
#(0 * (n * n) + 1 * (1 * n + n * 1) +
(1 * (1 * n + n * 1) +
n * (0 * n + 1 * 1 + (1 * 1 + n * 0)))) = #(6 * n)
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ n: Z vdiff: val
(0 * (n * n) + 1 * (1 * n + n * 1) +
(1 * (1 * n + n * 1) +
n * (0 * n + 1 * 1 + (1 * 1 + n * 0))))%Z =
(6 * n)%Z
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ n: Z vdiff: val
(0 * (n * n) + (n + n * 1) +
(n + n * 1 + (n * (0 * n + 1) + n * (1 + n * 0))))%Z =
(6 * n)%Z
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ n: Z vdiff: val
(n + n + (n + n + (n + n)))%Z = (6 * n)%Z
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ n: Z vdiff: val
(n + n + (n + n + (n + n)))%Z =
(n + n + n + n + n + n)%Z
byrewrite !Z.add_assoc.Qed.Endx_cube.Endclients.(** * Implementation in HH. *)(** An attentive reader might have noticed that the algorithm we verified in the previous sections was not entirely written in [HH]. Indeed, the function [diff] is a Coq function of two arguments. One of its arguments, for example, is a record of type [Num], which is used in the definition of [diff] as the provider of arithmetical operations and constants. This diverges from the actual code that we would write in [HH] or in another programming language, because that is not how these numerical operations would be accessed. A program that takes such record as one of its arguments would have to deconstruct it and bind its components using binders of the language itself, not meta-level ones. Writing the code with constructors and deconstrutors for these record values would make it harder to decompose the implementation of [diff] as separate functions -- [handle], [update], [create] -- which would consequently complicate the Coq proofs. Nevertheless, in the following section, we show that our effort from previous sections was not in vain: we can reuse what was proven for [diff] in verifying a full [HH] implementation of automatic differentiation.*)Sectionhh_implementation.Context `{R₁: !cgraphG Σ, R₂: !heapG Σ}.Definitionto_struct (N : Num) : val :=
(nzero, (none, (nadd, nmul)))%V.Definitionto_Num (zerooneaddmul : val) : Num :=
{| nzero := zero; none := one; nadd := add; nmul := mul |}.Definitionhh_diff : val := λ: "f""num",
let: "nzero" := Fst "num"inlet: "none" := Fst (Snd "num") inlet: "nadd" := Fst (Snd (Snd "num")) inlet: "nmul" := Snd (Snd (Snd "num")) inlet: "create" := λ: "n", InjR ("n", ref "nzero") inlet: "get_val" := λ: "x",
match: "x"with(* Constant. *) InjL "x" =>
match: "x"with(* Zero. *) InjL <> => "nzero"
| (* One. *) InjR <> => "none"end
| (* Variable. *) InjR "x" => Fst "x"endinlet: "update" := λ: "x""incr",
match: "x"with(* Constant. *) InjL <> => #()
| (* Variable. *) InjR "x" =>
let: "xd" := Snd "x"in"xd" <- "nadd" (Load"xd") "incr"endinlet: "handle" := λ: "f""seed",
try: "f""seed"with
effect (λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := "get_val""a"inlet: "bv" := "get_val""b"inmatch: "op"with(* Add *) InjL <> =>
let: "x" := "create" ("nadd""av""bv") in"k""x";;
let: "xd" := get_diff "x"in"update""a""xd";;
"update""b""xd"
| (* Mul *) InjR <> =>
let: "x" := "create" ("nmul""av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := "nmul""bv""xd"inlet: "bd" := "nmul""av""xd"in"update""a""ad";;
"update""b""bd"end
)
| return (λ: "res",
"update""res""none")
endinlet: "vf" := "f" (to_struct ADNum) inλ: "a",
let: "x" := "create""a"in"handle""vf""x";;
get_diff "x".(* The class [NumSpec N Ψ RS] can be seen as the domain of predicates [implements : val → R → iProp Σ] for which the assertions [nzero_spec], [none_spec], [nadd_spec], [nmul_spec] and [implements_pers] hold. In the following, we detach the type of predicates, [val → R → iProp Σ], from its restrictions, which will be bundled into the new typeclass [numSpec]. This allows the specification of [hh_diff] to quantify directly over predicates, instead of terms of type [NumSpec N Ψ RS]. We believe this leads to a more readable definition of [IsExp]. *)ClassnumSpec {R : Set}
(zerooneaddmul : val)
(implements : val → R → iProp Σ)
(Ψ : iEff Σ)
(RS : RingSig R) :=
{
nzero_spec' : ⊢ implements zero (Oᵣ);
none_spec' : ⊢ implements one (Iᵣ);
nadd_spec' E a b r s :
implements a r -∗
implements b s -∗
EWP add a b @ E <| Ψ |> {{ x,
implements x (radd r s) }};
nmul_spec' E a b r s :
implements a r -∗
implements b s -∗
EWP mul a b @ E <| Ψ |> {{ x,
implements x (rmul r s) }};
implements_pers' u r :> Persistent (implements u r);
}.Program InstanceNumSpec' {R : Set} (RS : RingSig R)
(zerooneaddmul : val)
(implements : val → R → iProp Σ)
(Ψ : iEff Σ)
(nSpec : numSpec zero one add mul implements Ψ RS) :
NumSpec (to_Num zero one add mul) Ψ RS :=
{|
implements := implements;
nzero_spec := nzero_spec';
none_spec := none_spec';
nadd_spec := nadd_spec';
nmul_spec := nmul_spec';
implements_pers := implements_pers'
|}.Program InstancenumSpec' {R : Set}
(RS : RingSig R) (N : Num) (Ψ : iEff Σ)
(NSpec : NumSpec N Ψ RS) :
numSpec nzero none nadd nmul implements Ψ RS :=
{|
nzero_spec' := nzero_spec;
none_spec' := none_spec;
nadd_spec' := nadd_spec;
nmul_spec' := nmul_spec;
implements_pers' := implements_pers
|}.DefinitionIsExp (e : val) (E : Expr ()) : iProp Σ :=
∀ (zerooneaddmul : val),
EWP (e (zero, (one, (add, mul)))%V) {{ f,
∀ (R : Set) (RS : RingSig R) (RA : IsRing R) (Ψ : iEff Σ),
∀ (implements : val → R → iProp Σ),
⌜ numSpec zero one add mul implements Ψ RS ⌝ -∗
∀ (x : val) (r : R),
implements x r -∗
EWP (f x) <| Ψ |> {{ y, ∃s,
implements y s ∗
⌜ s =ᵣ eval (map (λ_, r) E) ⌝ }} }}.Definitionhh_diff_spec : Prop :=
⊢ ∀ (e : val) (E : Expr ()),
IsExp e E -∗
EWP hh_diff e {{ e',
IsExp e' (∂ E ./ ∂ tt .at (λ_, Xₑ)) }}.
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec nzero none nadd nmul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
E)⌝ }}
--------------------------------------∗
∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) E)⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul, nzero, none, nadd, nmul, f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ NSpec: NumSpec
{|
nzero := nzero;
none := none;
nadd := nadd;
nmul := nmul
|} Ψ RS N:= to_Num nzero none nadd nmul: Num
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec nzero none nadd nmul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
E)⌝ }}
--------------------------------------∗
∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval (map (λ_ : (), r) E)⌝ }}
by iApply ("Hf" $! R RS RA Ψ implements
(numSpec' RS N Ψ NSpec)).
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val
"Hdiff" : isExp (diff (λN : Num, e (to_struct N)))
(∂ E ./ ∂ () .at (λ_ : (), Xₑ))
--------------------------------------∗
EWP let: "vf" := e (to_struct ADNum) inλ: "a",
let: "x" := (λ: "n", InjR ("n", ref zero))%V "a"in
(λ: "f""seed",
deep_try_with (λ: <>, "f""seed")
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "a"inlet: "bv" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "b"inmatch: "op"with
InjL <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(add "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
...%V "a""xd";;
(λ: "x""incr", ...)%V "b""xd"
| InjR <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(mul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := mul "bv""xd"inlet: "bd" := mul "av""xd"in
...;; ...%V "b""bd"end)
(λ: "res",
(λ: "x""incr",
match: "x"with
InjL <> => #()
| InjR "x" =>
let: "xd" := Snd "x"in"xd" <- add ! "xd""incr"end)%V "res" one))%V "vf""x";;
get_diff "x"
{{ f, ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num
"Hdiff" : isExp (diff (λN : Num, e (to_struct N)))
(∂ E ./ ∂ () .at (λ_ : (), Xₑ))
--------------------------------------∗
EWP let: "vf" := e (to_struct ADNum) inλ: "a",
let: "x" := (λ: "n", InjR ("n", ref zero))%V "a"in
(λ: "f""seed",
deep_try_with (λ: <>, "f""seed")
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "a"inlet: "bv" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "b"inmatch: "op"with
InjL <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(add "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
...%V "a""xd";;
(λ: "x""incr", ...)%V "b""xd"
| InjR <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(mul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := mul "bv""xd"inlet: "bd" := mul "av""xd"in
...;; ...%V "b""bd"end)
(λ: "res",
(λ: "x""incr",
match: "x"with
InjL <> => #()
| InjR "x" =>
let: "xd" := Snd "x"in"xd" <- add ! "xd""incr"end)%V "res" one))%V "vf""x";;
get_diff "x"
{{ f, ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num
"Hdiff" : EWP diff (λN : Num, e (to_struct N)) N
<| ⊥ |> {{ vf, ∀ (R : Set) (RS : RingSig R)
(_ : IsRing R) (Ψ : iEff Σ)
(NSpec : NumSpec N Ψ RS)
(x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements
y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ E
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }} }}
--------------------------------------∗
EWP let: "vf" := e (to_struct ADNum) inλ: "a",
let: "x" := (λ: "n", InjR ("n", ref zero))%V "a"in
(λ: "f""seed",
deep_try_with (λ: <>, "f""seed")
(λ: "args""k",
let: "op" := Fst "args"inlet: "a" := Fst (Snd "args") inlet: "b" := Snd (Snd "args") inlet: "av" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "a"inlet: "bv" := (λ: "x",
match: "x"with
InjL "x" =>
match: "x"with
InjL <> => zero
| InjR <> => one
end
| InjR "x" => Fst "x"end)%V "b"inmatch: "op"with
InjL <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(add "av""bv") in"k""x";;
let: "xd" := get_diff "x"in
...%V "a""xd";;
(λ: "x""incr", ...)%V "b""xd"
| InjR <> =>
let: "x" := (λ: "n",
InjR ("n", ref zero))%V
(mul "av""bv") in"k""x";;
let: "xd" := get_diff "x"inlet: "ad" := mul "bv""xd"inlet: "bd" := mul "av""xd"in
...;; ...%V "b""bd"end)
(λ: "res",
(λ: "x""incr",
match: "x"with
InjL <> => #()
| InjR "x" =>
let: "xd" := Snd "x"in"xd" <- add ! "xd""incr"end)%V "res" one))%V "vf""x";;
get_diff "x"
{{ f, ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }} }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num
∀v : val,
(λvf : val,
∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ :
iEff
Σ)
(NSpec : NumSpec N Ψ RS) (x : val) (r : R),
implements x r
-∗ EWP vf x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }})
v
={⊤}=∗ (λf : val,
∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val
→ R → iProp Σ),
⌜numSpec zero one add mul implements Ψ
RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (),
r)
(∂ E
./ ∂ tt
.at
(λ_ : (),
Xₑ)))⌝ }})
v
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
|={⊤}=> ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
|={⊤}=> ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map
(λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (),
Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
∀ (R : Set) (RS : RingSig R) (_ : IsRing R) (Ψ : iEff
Σ)
(implements : val → R → iProp Σ),
⌜numSpec zero one add mul implements Ψ RS⌝
-∗ ∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS
"Hf" : ∀ (R : Set) (RS : RingSig R) (_ : IsRing R)
(Ψ : iEff Σ) (NSpec : NumSpec N Ψ RS) (x : val)
(r : R),
auto_diff.implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS
"Hf" : ∀ (NSpec : NumSpec N Ψ RS) (x : val) (r : R),
auto_diff.implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS
"Hf" : ∀ (x : val) (r : R),
auto_diff.implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
∀ (x : val) (r : R),
implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS x: val X: R
"Hf" : ∀ (x : val) (r : R),
auto_diff.implements x r
-∗ EWP f x
<| Ψ |> {{ y, ∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), r)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
"Hx" : implements x X
--------------------------------------∗
EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS x: val X: R
"Hf" : EWP f x
<| Ψ |> {{ y, ∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
--------------------------------------∗
EWP f x
<| Ψ |> {{ y, ∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt
.at (λ_ : (), Xₑ)))⌝ }}
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS x: val X: R
∀v : val,
(λy : val,
∃s : R,
auto_diff.implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt .at (λ_ : (), Xₑ)))⌝) v
={⊤}=∗ (λy : val,
∃s : R,
implements y s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt .at (λ_ : (), Xₑ)))⌝)
v
Σ: gFunctors R₁: cgraphG Σ R₂: heapG Σ e: val E: Expr () zero, one, add, mul: val N:= to_Num zero one add mul: Num f: val R: Set RS: RingSig R RA: IsRing R Ψ: iEff Σ implements: val → R → iProp Σ H: numSpec zero one add mul implements Ψ RS x: val X: R
∀v : val,
(∃s : R,
implements v s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt .at (λ_ : (), Xₑ)))⌝)
={⊤}=∗ ∃s : R,
implements v s
∗ ⌜s =ᵣ
eval
(map (λ_ : (), X)
(∂ E ./ ∂ tt .at (λ_ : (), Xₑ)))⌝